Windows Analysis Report
1A70mZfanW.exe

Overview

General Information

Sample name: 1A70mZfanW.exe (renamed because original name is a hash value)
Original sample name: 1cfbf03308f79ad07e0d303a0b3c9b6e.exe
Analysis ID: 1578941
MD5: 1cfbf03308f79ad07e0d303a0b3c9b6e
SHA1: 791064735e251f2bce52991fa56a8b27af31aa82
SHA256: 0e0a6b32901d6db7eb4873647a67ce0f69446a2efa2e87bd490d7a9c80e4c85c
Tags: exe, user-abuse_ch

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Contains functionality to infect the boot sector
Hides threads from debuggers
Performs DNS queries to domains with low reputation
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 1A70mZfanW.exe (PID: 3580 cmdline: "C:\Users\user\Desktop\1A70mZfanW.exe" MD5: 1CFBF03308F79AD07E0D303A0B3C9B6E)
    • 1A70mZfanW.exe (PID: 2132 cmdline: "C:\Users\user\Desktop\1A70mZfanW.exe" MD5: 1CFBF03308F79AD07E0D303A0B3C9B6E)
      • cmd.exe (PID: 4824 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Suricata alert
Timestamp: 2024-12-20T16:56:40.926042+0100
SID: 2058114
Severity: 1
Classtype: Domain Observed Used for C2 Detected
Source IP: 192.168.2.8
Source Port: 49357
Destination IP: 1.1.1.1
Destination Port: 53
Protocol: UDP

AV Detection

Source: 1A70mZfanW.exe; ReversingLabs: Detection: 34%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 92.2% probability
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 2_2_70B2A474 CryptReleaseContext
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 2_2_70B2A46C CryptGenRandom
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 2_2_70A37D40 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext
Source: C:\Users\user\Desktop\1A70mZfanW.exe; File created: C:\Users\user\AppData\Local\Temp\_MEI35802\wheel-0.43.0.dist-info\LICENSE.txt
Source: 1A70mZfanW.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 0_2_00007FF7CFBD1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 0_2_00007FF7CFBDC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 2_2_00007FF7CFBDC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 2_2_00007FF7CFBD1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 2_2_00007FFBAA2E3158 FindFirstFileW
Source: C:\Users\user\Desktop\1A70mZfanW.exe; Code function: 2_2_70A2B990 4x nop then push rbp

Networking

Source: Network traffic; Suricata IDS: 2058114 - Severity 1 - ET MALWARE Iris Stealer CnC Domain in DNS Lookup (irisstealer .xyz) : 192.168.2.8:49357 -> 1.1.1.1:53
Source: DNS query: script.irisstealer.xyz
Source: unknown; DNS traffic detected: query: script.irisstealer.xyz replaycode: Name error (3)
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: script.irisstealer.xyz
Source: 1A70mZfanW.exe, 00000002.00000003.1885373683.000001CD86230000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86230000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886381904.000001CD86233000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880042212.000001CD8622F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 1A70mZfanW.exe, 00000002.00000003.1880102241.000001CD85B20000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880062257.000001CD85AD6000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1904799419.000001CD85B22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: 1A70mZfanW.exe, 00000002.00000003.1885373683.000001CD86230000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86230000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880042212.000001CD8622F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: 1A70mZfanW.exe, 00000002.00000003.1880102241.000001CD85B20000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880062257.000001CD85AD6000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1904799419.000001CD85B22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlye
Source: 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822924126.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1833347280.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841882095.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 
00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 1A70mZfanW.exe, 00000000.00000003.1822924126.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1833347280.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841882095.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
Source: _ctypes.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.dig
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822924126.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1833347280.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841882095.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 
00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 1A70mZfanW.exe, 00000002.00000002.1905628450.000001CD860D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedm
Source: 1A70mZfanW.exe, 00000002.00000003.1888897149.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881251191.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889887165.000001CD860D5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891454242.000001CD860D1000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905677217.000001CD860D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: 1A70mZfanW.exe, 00000002.00000003.1883809787.000001CD85B84000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879814081.000001CD85B43000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1888287705.000001CD85B86000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882416823.000001CD85B83000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890306248.000001CD85B8D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874526862.000001CD85B57000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890821559.000001CD85B8D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880963927.000001CD85B43000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889386392.000001CD85B87000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889724060.000001CD86125000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884706915.000001CD85B85000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: 1A70mZfanW.exe, 00000002.00000003.1885008420.000001CD86002000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886307573.000001CD86002000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881192663.000001CD85FFA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1893752909.000001CD86038000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884258111.000001CD8603C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889197643.000001CD86042000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891763406.000001CD86037000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: 1A70mZfanW.exe, 00000002.00000003.1881946922.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890953859.000001CD8618E000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885740729.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906733246.000001CD863B0000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905886368.000001CD861D5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879814081.000001CD85B43000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1907103713.000001CD868B0000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882416823.000001CD85B83000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903984632.000001CD85785000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890745212.000001CD8615E000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1883641856.000001CD85B96000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891277383.000001CD8619D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879152294.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1907021969.000001CD867B0000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874526862.000001CD85B57000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906901058.000001CD865B0000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880963927.000001CD85B43000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 
00000002.00000003.1888703892.000001CD85B9A000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890606403.000001CD8577D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: 1A70mZfanW.exe, 00000002.00000002.1907397484.000001CD86B70000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880230617.000001CD86271000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86250000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874364133.000001CD86293000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886251310.000001CD86272000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906256437.000001CD86285000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879928277.000001CD86266000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: 1A70mZfanW.exe, 00000002.00000002.1905263865.000001CD85EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: 1A70mZfanW.exe, 00000002.00000002.1905263865.000001CD85EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
Source: 1A70mZfanW.exe, 00000002.00000002.1905263865.000001CD85EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
Source: 1A70mZfanW.exe, 00000002.00000003.1888897149.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881251191.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889887165.000001CD860D5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905677217.000001CD860D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905759427.000001CD86124000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881251191.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886600344.000001CD860EB000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: 1A70mZfanW.exe, 00000002.00000003.1882288098.000001CD856B9000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903819135.000001CD856BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: 1A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86384000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884612469.000001CD86369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: 1A70mZfanW.exe, 00000002.00000003.1882288098.000001CD856B9000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903819135.000001CD856BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es7
Source: 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822924126.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1833347280.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841882095.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 
00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822924126.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1833347280.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841882095.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822924126.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1833347280.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1841882095.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 
00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: 1A70mZfanW.exe, 00000002.00000003.1880287474.000001CD836D0000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880343602.000001CD836D2000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884769269.000001CD8372B000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881672516.000001CD836E5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890631596.000001CD83719000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1893702419.000001CD8371C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882204430.000001CD83718000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1847525540.000001CD83728000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903138023.000001CD83720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: 1A70mZfanW.exe, 00000002.00000002.1907021969.000001CD867B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: 1A70mZfanW.exe, 00000002.00000003.1893855198.000001CD8603D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905512243.000001CD8603D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881192663.000001CD85FFA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884258111.000001CD8603C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: 1A70mZfanW.exe, 00000002.00000002.1906901058.000001CD865B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: 1A70mZfanW.exe, 00000002.00000002.1907202997.000001CD86B0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: 1A70mZfanW.exe, 00000002.00000003.1894232238.000001CD860F4000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882666047.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889529982.000001CD86222000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906011880.000001CD86229000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889610765.000001CD86227000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1888897149.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: 1A70mZfanW.exe, 00000002.00000003.1893652067.000001CD836F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86045000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890871631.000001CD86049000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885415216.000001CD86049000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889197643.000001CD86049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: 1A70mZfanW.exe, 00000002.00000002.1907103713.000001CD86914000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890165191.000001CD85AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905829434.000001CD8614A000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891113281.000001CD8613C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892093789.000001CD86145000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889724060.000001CD86125000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891539459.000001CD86143000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: METADATA.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: 1A70mZfanW.exe, 00000002.00000003.1881946922.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885740729.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903984632.000001CD8577F000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879152294.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890606403.000001CD8577D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: 1A70mZfanW.exe, 00000002.00000002.1907103713.000001CD868B0000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906901058.000001CD865B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/importlib_metadata
Source: METADATA0.0.drString found in binary or memory: https://pypi.org/project/setuptools/
Source: 1A70mZfanW.exe, 00000002.00000002.1910533921.00007FFBAA9C3000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: 1A70mZfanW.exe, 00000002.00000002.1905263865.000001CD85EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: 1A70mZfanW.exe, 00000002.00000003.1879546034.000001CD861F5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1907397484.000001CD86B70000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905829434.000001CD8614A000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD861FB000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1893855198.000001CD8603D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905512243.000001CD8603D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891113281.000001CD8613C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD861FA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881192663.000001CD85FFA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1897791679.000001CD861FB000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892093789.000001CD86145000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD861F9000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889724060.000001CD86125000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891539459.000001CD86143000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884258111.000001CD8603C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 
00000002.00000003.1889466912.000001CD861FB000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1904449256.000001CD859B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: 1A70mZfanW.exe, 00000002.00000002.1907501152.000001CD86CB4000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905123085.000001CD85CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifa
Source: 1A70mZfanW.exe, 00000002.00000002.1905123085.000001CD85CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifap/
Source: 1A70mZfanW.exe, 00000002.00000002.1905466691.000001CD86002000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885008420.000001CD86002000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892895186.000001CD86002000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886307573.000001CD86002000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1893855198.000001CD86002000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881192663.000001CD85FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifaz
Source: 1A70mZfanW.exe, 00000002.00000003.1849926799.000001CD85B74000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850234938.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: 1A70mZfanW.exe, 00000002.00000003.1884399914.000001CD85BF5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890687784.000001CD85BF5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886843529.000001CD85BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basi
Source: 1A70mZfanW.exe, 00000002.00000003.1882506121.000001CD85BF5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880577916.000001CD85BF4000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879814081.000001CD85BB3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849926799.000001CD85B74000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874526862.000001CD85B57000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850155863.000001CD85BED000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: 1A70mZfanW.exe, 00000002.00000002.1904449256.000001CD859B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: 1A70mZfanW.exe, 00000002.00000003.1849926799.000001CD85B74000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
Source: 1A70mZfanW.exe, 00000002.00000003.1849926799.000001CD85B74000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
Source: 1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: 1A70mZfanW.exe, 00000002.00000003.1889261662.000001CD85FE7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1887305828.000001CD85FC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: 1A70mZfanW.exe, 00000002.00000003.1883809787.000001CD85B84000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879814081.000001CD85B43000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1888287705.000001CD85B86000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882416823.000001CD85B83000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890306248.000001CD85B8D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874526862.000001CD85B57000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890821559.000001CD85B8D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880963927.000001CD85B43000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889386392.000001CD85B87000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889724060.000001CD86125000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884706915.000001CD85B85000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: 1A70mZfanW.exe, 00000002.00000003.1888897149.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881251191.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860CD000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892486817.000001CD860D2000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881192663.000001CD85FFA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884258111.000001CD8603C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889197643.000001CD86042000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891454242.000001CD860D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882666047.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881606309.000001CD85AD8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882524563.000001CD85AF9000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889529982.000001CD86222000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906011880.000001CD86229000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889610765.000001CD86227000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880062257.000001CD85AD6000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1887333675.000001CD85AFA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890554994.000001CD85AFB000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889636391.000001CD85AFA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: 1A70mZfanW.exe, 00000002.00000002.1906901058.000001CD865B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: 1A70mZfanW.exe, 00000002.00000002.1907202997.000001CD86AD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: 1A70mZfanW.exe, 00000002.00000002.1907202997.000001CD86AD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsp
Source: METADATA0.0.drString found in binary or memory: https://wheel.readthedocs.io/
Source: METADATA0.0.drString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: 1A70mZfanW.exe, 00000002.00000003.1891805865.000001CD85C96000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1887443405.000001CD85C92000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1878982832.000001CD85C87000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882834721.000001CD85C88000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850760786.000001CD85FF2000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850760786.000001CD86031000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889440369.000001CD85C92000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892578715.000001CD85C96000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874224410.000001CD85BF8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884747073.000001CD85C91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE73000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1824088412.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1825920313.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: 1A70mZfanW.exe, 00000002.00000003.1879242004.000001CD83735000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1895891335.000001CD8373C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1883173070.000001CD8373C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1913097046.00007FFBAB4FA000.00000002.00000001.01000000.00000014.sdmp, 1A70mZfanW.exe, 00000002.00000002.1909925066.00007FFBAA2E7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.openssl.org/H
Source: 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905829434.000001CD8614A000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891113281.000001CD8613C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892093789.000001CD86145000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889724060.000001CD86125000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891539459.000001CD86143000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: 1A70mZfanW.exe, 00000002.00000003.1881946922.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885740729.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903984632.000001CD8577F000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879152294.000001CD8577C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890606403.000001CD8577D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: 1A70mZfanW.exe, 00000000.00000003.1843917333.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1904449256.000001CD859B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: METADATA0.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: 1A70mZfanW.exe, 00000002.00000002.1903520080.000001CD85370000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882666047.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889529982.000001CD86222000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906011880.000001CD86229000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889610765.000001CD86227000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86387000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885438944.000001CD863AA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884373276.000001CD86386000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: 1A70mZfanW.exe, 00000002.00000003.1885102420.000001CD86DA3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1908190909.000001CD86DB4000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86387000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885438944.000001CD863AA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884373276.000001CD86386000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886042314.000001CD86DB3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906709287.000001CD863AE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86387000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885438944.000001CD863AA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884373276.000001CD86386000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/2
Source: 1A70mZfanW.exe, 00000002.00000003.1894232238.000001CD860F4000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882666047.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889529982.000001CD86222000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906011880.000001CD86229000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889610765.000001CD86227000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1888897149.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,2_2_70A708E0
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A4BC: DeviceIoControl,2_2_70B2A4BC
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 70A96380 appears 31 times
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 70A04230 appears 238 times
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 00007FFBA9FA2734 appears 152 times
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 00007FFBA9FA1EF1 appears 408 times
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 70A968F0 appears 192 times
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 70A2D050 appears 325 times
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 00007FF7CFBC2760 appears 82 times
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: String function: 00007FFBA9FA4057 appears 224 times
Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _pytransform.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: 1A70mZfanW.exe, 00000000.00000003.1822924126.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1833347280.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1823075889.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.cp310-win_amd64.pyd0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1819663198.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1843377421.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.cp310-win_amd64.pyd0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1840728100.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom310.dll0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1843132660.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.cp310-win_amd64.pyd0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1841882095.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1842966493.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.cp310-win_amd64.pyd0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1820529625.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1841007297.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1822762197.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1826066631.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1820266479.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1843132660.0000022D7FE75000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.cp310-win_amd64.pyd0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exeBinary or memory string: OriginalFilename vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1915002653.00007FFBB18A6000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1911322156.00007FFBAAAE0000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1914266660.00007FFBAB874000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamewin32api.cp310-win_amd64.pyd0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1915674634.00007FFBB62AB000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1914781927.00007FFBAB8A5000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1912101600.00007FFBAAFA6000.00000002.00000001.01000000.0000002D.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1913097046.00007FFBAB4FA000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamelibsslH vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1915909378.00007FFBB7FC7000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1916083454.00007FFBBAE7D000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1914050398.00007FFBAB83D000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1911889583.00007FFBAAD71000.00000002.00000001.01000000.0000002B.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1913861216.00007FFBAB805000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1909925066.00007FFBAA2E7000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1916234159.00007FFBBB346000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1913507511.00007FFBAB594000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamepythoncom310.dll0 vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1916392288.00007FFBBBE96000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1915233656.00007FFBB4C52000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1915461490.00007FFBB5C22000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs 1A70mZfanW.exe
Source: 1A70mZfanW.exe, 00000002.00000002.1910217094.00007FFBAA673000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs 1A70mZfanW.exe
Source: classification engineClassification label: mal72.troj.evad.winEXE@6/87@1/0
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 0_2_00007FF7CFBC6FA0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF7CFBC6FA0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6884:120:WilError_03
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802Jump to behavior
Source: 1A70mZfanW.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\1A70mZfanW.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 1A70mZfanW.exe, 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: 1A70mZfanW.exeReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile read: C:\Users\user\Desktop\1A70mZfanW.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\1A70mZfanW.exe "C:\Users\user\Desktop\1A70mZfanW.exe"
Source: C:\Users\user\Desktop\1A70mZfanW.exeProcess created: C:\Users\user\Desktop\1A70mZfanW.exe "C:\Users\user\Desktop\1A70mZfanW.exe"
Source: C:\Users\user\Desktop\1A70mZfanW.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\1A70mZfanW.exeProcess created: C:\Users\user\Desktop\1A70mZfanW.exe "C:\Users\user\Desktop\1A70mZfanW.exe"Jump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: sqlite3.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: 1A70mZfanW.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: 1A70mZfanW.exeStatic file information: File size 19483721 > 1048576
Source: 1A70mZfanW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 1A70mZfanW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 1A70mZfanW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 1A70mZfanW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 1A70mZfanW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 1A70mZfanW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 1A70mZfanW.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 1A70mZfanW.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\sqlite3.pdb source: 1A70mZfanW.exe, 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: 1A70mZfanW.exe, 00000002.00000002.1913031935.00007FFBAB4C5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdb source: win32ui.cp310-win_amd64.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: 1A70mZfanW.exe, 00000002.00000002.1909681628.00007FFBAA1EF000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: 1A70mZfanW.exe, 00000002.00000002.1915573707.00007FFBB62A0000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32api.pdb source: 1A70mZfanW.exe, 00000002.00000002.1914173270.00007FFBAB862000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: 1A70mZfanW.exe, 00000000.00000003.1822409107.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1916172099.00007FFBBB343000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_sqlite3.pdb source: 1A70mZfanW.exe, 00000002.00000002.1912013470.00007FFBAAF9C000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_overlapped.pdb source: 1A70mZfanW.exe, 00000000.00000003.1821195177.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: 1A70mZfanW.exe, 00000002.00000002.1910533921.00007FFBAA9C3000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: 1A70mZfanW.exe, 00000002.00000002.1909681628.00007FFBAA1EF000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1914621853.00007FFBAB89C000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_asyncio.pdb source: 1A70mZfanW.exe, 00000000.00000003.1819819525.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: 1A70mZfanW.exe, 00000000.00000003.1820913802.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1914621853.00007FFBAB89C000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_multiprocessing.pdb source: 1A70mZfanW.exe, 00000000.00000003.1821091053.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32trace.pdb source: 1A70mZfanW.exe, 00000000.00000003.1843132660.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, win32trace.cp310-win_amd64.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: 1A70mZfanW.exe, 00000000.00000003.1841623494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1916325317.00007FFBBBE93000.00000002.00000001.01000000.00000009.sdmp, select.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb( source: 1A70mZfanW.exe, 00000002.00000002.1914904108.00007FFBB1890000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: 1A70mZfanW.exe, 00000000.00000003.1842444583.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1911452817.00007FFBAAD6C000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdb source: 1A70mZfanW.exe, 00000002.00000002.1913353675.00007FFBAB546000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: 1A70mZfanW.exe, 00000002.00000002.1913031935.00007FFBAB4C5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdbO source: win32ui.cp310-win_amd64.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: 1A70mZfanW.exe, 00000000.00000003.1822568494.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1915364478.00007FFBB5C18000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: 1A70mZfanW.exe, 00000002.00000002.1913692034.00007FFBAB7ED000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: 1A70mZfanW.exe, 00000002.00000002.1914904108.00007FFBB1890000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 1A70mZfanW.exe, 00000000.00000003.1819663198.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1915832261.00007FFBB7FC1000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\_win32sysloader.pdb source: 1A70mZfanW.exe, 00000000.00000003.1823075889.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: 1A70mZfanW.exe, 00000000.00000003.1819948243.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1915154497.00007FFBB4C4D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: 1A70mZfanW.exe, 00000000.00000003.1820751299.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1916017785.00007FFBBAE76000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: 1A70mZfanW.exe, 00000002.00000002.1909681628.00007FFBAA271000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdbz) source: 1A70mZfanW.exe, 00000002.00000002.1913353675.00007FFBAB546000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\pyexpat.pdb source: 1A70mZfanW.exe, 00000002.00000002.1913990709.00007FFBAB832000.00000002.00000001.01000000.0000000F.sdmp, pyexpat.pyd.0.dr
Source: 1A70mZfanW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 1A70mZfanW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 1A70mZfanW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 1A70mZfanW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 1A70mZfanW.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,2_2_70A708E0
Source: md__mypyc.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x280fa
Source: _MD5.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x12225
Source: _chacha20.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x741f
Source: _SHA1.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbd05
Source: _scrypt.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x80b5
Source: _raw_blowfish.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x11ec6
Source: pythoncom310.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x8ce57
Source: _MD2.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x110e3
Source: _raw_cbc.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3a38
Source: win32trace.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10f52
Source: _raw_arc2.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x966e
Source: _raw_ctr.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x46bb
Source: _raw_cast.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x7870
Source: _modexp.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xdf94
Source: _ghash_clmul.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9c9d
Source: _Salsa20.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3657
Source: _RIPEMD160.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x6f18
Source: _SHA384.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x100ff
Source: _BLAKE2s.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x50f7
Source: _poly1305.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbea9
Source: _SHA224.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x13d1f
Source: _cffi_backend.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3108a
Source: _raw_aes.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x14e8f
Source: win32ui.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x16a344
Source: _raw_ecb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x4c1b
Source: _cpuid_c.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xe2b6
Source: _BLAKE2b.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x864f
Source: pywintypes310.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2c30d
Source: _raw_aesni.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xd2c3
Source: win32api.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x25cc2
Source: _raw_ocb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x14299
Source: _raw_des.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x124f2
Source: _raw_cfb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9762
Source: _MD4.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9fa9
Source: _raw_des3.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10195
Source: _strxor.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10aad
Source: _win32sysloader.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x8e07
Source: _raw_ofb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x727a
Source: _ec_ws.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xc5419
Source: _keccak.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xaf1b
Source: _raw_eksblowfish.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xc1e6
Source: _ARC4.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xc8ba
Source: _pytransform.dll.0.drStatic PE information: real checksum: 0x11edfe should be: 0x11dbef
Source: md.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xf357
Source: _ghash_portable.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xa111
Source: _SHA512.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbd08
Source: _SHA256.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xa85b
Source: 1A70mZfanW.exeStatic PE information: section name: _RDATA
Source: _pytransform.dll.0.drStatic PE information: section name: .xdata
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: python310.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A4BC push rbp; retf 2_2_70B2A4BF
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A4A4 push r14; retf 2_2_70B2A4A7
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A4AC push rbp; retf 2_2_70B2A4AF
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A49C push rsi; retf 2_2_70B2A49F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A49C push rsi; retf 2_2_70B2A4E7
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A4FC push rbp; retf 2_2_70B2A4FF
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A4DC push rbp; retf 2_2_70B2A4F7
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A4C4 push rdi; retf 2_2_70B2A4CF
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A474 push rsi; retf 2_2_70B2A49F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A46C push rsi; retf 2_2_70B2A49F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A5BC push rsp; retf 2_2_70B2A5BF
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A5A4 push rsi; retf 2_2_70B2A5AF
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A58C push rbp; retf 2_2_70B2A58F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A5F4 push rbp; retf 2_2_70B2A5F7
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A5CC push rbp; retf 2_2_70B2A5CF
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A52C push rsi; retf 2_2_70B2A52F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A52C push rbp; retf 2_2_70B2A537
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A504 push rbp; retf 2_2_70B2A507
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A50C push rsi; retf 2_2_70B2A52F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A554 push rbp; retf 2_2_70B2A55F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A54C push rbp; retf 2_2_70B2A54F
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A73C pushfq ; retf 2_2_70B2A74E
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_70B2A744 pushfq ; retf 2_2_70B2A74E
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3088 push rsi; retf 2_2_00007FFBAA2E309B
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3080 push rsi; retf 2_2_00007FFBAA2E308B
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3070 push rbp; retf 2_2_00007FFBAA2E3073
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3118 push rsi; retf 2_2_00007FFBAA2E311B
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3158 push rsi; retf 2_2_00007FFBAA2E315B
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3130 push rbp; retf 2_2_00007FFBAA2E3133
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3180 push rsi; retf 2_2_00007FFBAA2E3183
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 2_2_00007FFBAA2E3168 push rsp; retf 2_2_00007FFBAA2E316B

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_70A227E0
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_70A22B90
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\select.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_win32sysloader.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\win32trace.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\pythoncom310.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\pywintypes310.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\win32ui.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\win32api.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI35802\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior

Boot Survival

Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_70A227E0
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_70A22B90
Source: C:\Users\user\Desktop\1A70mZfanW.exeCode function: 0_2_00007FF7CFBC3C90 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7CFBC3C90
Source: C:\Users\user\Desktop\1A70mZfanW.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\select.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_win32sysloader.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\win32trace.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_hashlib.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_decimal.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_des.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD4.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_des3.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\pyexpat.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_blowfish.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_socket.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD5.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\pythoncom310.dll
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_chacha20.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ocb.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA384.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Util\_cpuid_c.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_aes.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_ctypes.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA256.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ofb.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_ghash_clmul.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA512.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ecb.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_sqlite3.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_RIPEMD160.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_poly1305.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_eksblowfish.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ctr.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_ARC4.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_bz2.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA1.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cfb.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\pywintypes310.dll
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_overlapped.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_BLAKE2b.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD2.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\win32ui.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\mfc140u.dll
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cast.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_keccak.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_Salsa20.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\PublicKey\_ec_ws.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md__mypyc.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_arc2.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_lzma.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\unicodedata.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_queue.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_aesni.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\_multiprocessing.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI35802\win32api.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\1A70mZfanW.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-15078
Source: C:\Users\user\Desktop\1A70mZfanW.exe API coverage: 3.6 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBD1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7CFBD1DAC
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBDC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,0_2_00007FF7CFBDC06C
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FF7CFBDC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,2_2_00007FF7CFBDC06C
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FF7CFBD1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7CFBD1DAC
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FFBAA2E3158 FindFirstFileW,2_2_00007FFBAA2E3158
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_70A06A70 GetSystemInfo,VirtualAlloc,VirtualAlloc,2_2_70A06A70
Source: 1A70mZfanW.exe, 00000000.00000003.1844283779.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: 1A70mZfanW.exe Binary or memory string: jqEMu
Source: 1A70mZfanW.exe, 00000002.00000003.1879242004.000001CD83735000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1895891335.000001CD8373C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1883173070.000001CD8373C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\1A70mZfanW.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBD5750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7CFBD5750
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,2_2_70A708E0
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBDDB48 GetProcessHeap,0_2_00007FF7CFBDDB48
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBCA8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7CFBCA8DC
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBCB0C4 SetUnhandledExceptionFilter,0_2_00007FF7CFBCB0C4
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBCAEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7CFBCAEE0
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_70B2A5CC SetUnhandledExceptionFilter,2_2_70B2A5CC
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_70A96BD1 SetUnhandledExceptionFilter,2_2_70A96BD1
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_70A94FD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,2_2_70A94FD0
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FF7CFBCA8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7CFBCA8DC
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FF7CFBCB0C4 SetUnhandledExceptionFilter,2_2_00007FF7CFBCB0C4
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FF7CFBD5750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7CFBD5750
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FF7CFBCAEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7CFBCAEE0
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_00007FFBAA2E3070 SetUnhandledExceptionFilter,2_2_00007FFBAA2E3070
Source: C:\Users\user\Desktop\1A70mZfanW.exe Process created: C:\Users\user\Desktop\1A70mZfanW.exe "C:\Users\user\Desktop\1A70mZfanW.exe"
Source: C:\Users\user\Desktop\1A70mZfanW.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBE3A60 cpuid 0_2_00007FF7CFBE3A60
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\pywintypes310.dll VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp0ul9kzr0 VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\win32api.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\pythoncom310.dll VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\pyexpat.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\jaraco\text\Lorem ipsum.txt VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\importlib_metadata-8.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\wheel-0.43.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_pytransform.dll VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\_cffi_backend.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI35802\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exeQueries volume information: C:\Users\user\Desktop\1A70mZfanW.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBCADC8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7CFBCADC8
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 0_2_00007FF7CFBE0010 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7CFBE0010
Source: C:\Users\user\Desktop\1A70mZfanW.exe Code function: 2_2_70A7094C GetVersion,GetCurrentThread,2_2_70A7094C
Source: C:\Users\user\Desktop\1A70mZfanW.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 Bootkit | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 25 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Source | Detection | Scanner | Label | Link
1A70mZfanW.exe | 35% | ReversingLabs | Win64.Adware.RedCap |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_ARC4.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_Salsa20.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_chacha20.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_aes.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_aesni.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_arc2.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cast.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cbc.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_cfb.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ctr.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_des.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_des3.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ecb.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ocb.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_raw_ofb.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_BLAKE2b.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_BLAKE2s.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD2.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD4.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_MD5.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_RIPEMD160.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA1.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA224.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA256.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA384.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_SHA512.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_ghash_clmul.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_ghash_portable.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_keccak.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Hash\_poly1305.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Math\_modexp.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Protocol\_scrypt.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\PublicKey\_ec_ws.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Util\_cpuid_c.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Util\_strxor.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\VCRUNTIME140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_asyncio.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_bz2.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_ctypes.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_decimal.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_hashlib.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_lzma.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_multiprocessing.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_overlapped.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_pytransform.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_queue.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_socket.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_sqlite3.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_ssl.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\_win32sysloader.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\charset_normalizer\md__mypyc.cp310-win_amd64.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\libcrypto-1_1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\libffi-7.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI35802\libssl-1_1.dll | 0% | ReversingLabs
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
script.irisstealer.xyz | unknown | unknown | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                    unknown
                                                                    https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdMETADATA0.0.drfalse
                                                                      high
                                                                      https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:1A70mZfanW.exe, 00000002.00000003.1849926799.000001CD85B74000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://json.org1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://repository.swisssign.com/0Zg1A70mZfanW.exe, 00000002.00000003.1892654681.000001CD8573E000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889555617.000001CD8573D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903926291.000001CD8573E000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1883515357.000001CD8573A000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879152294.000001CD8571F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy1A70mZfanW.exe, 00000002.00000002.1906901058.000001CD865B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L6881A70mZfanW.exe, 00000002.00000002.1903520080.000001CD853F8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://httpbin.org/get1A70mZfanW.exe, 00000002.00000002.1907103713.000001CD86914000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890165191.000001CD85AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://tools.ietf.org/html1A70mZfanW.exe, 00000002.00000002.1905375121.000001CD85FC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access1A70mZfanW.exe, 00000002.00000003.1882506121.000001CD85BF5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880577916.000001CD85BF4000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879814081.000001CD85BB3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849926799.000001CD85B74000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874526862.000001CD85B57000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850155863.000001CD85BED000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://wwww.certigna.fr/autorites/0m1A70mZfanW.exe, 00000002.00000003.1885102420.000001CD86DA3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1908190909.000001CD86DB4000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86387000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885438944.000001CD863AA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884373276.000001CD86386000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886042314.000001CD86DB3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906709287.000001CD863AE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://github.com/pypa/wheelMETADATA0.0.drfalse
                                                                                          high
                                                                                          https://www.python.org/dev/peps/pep-0427/METADATA0.0.drfalse
                                                                                            high
                                                                                            https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader1A70mZfanW.exe, 00000002.00000003.1880287474.000001CD836D0000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880343602.000001CD836D2000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884769269.000001CD8372B000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881672516.000001CD836E5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890631596.000001CD83719000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1893702419.000001CD8371C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882204430.000001CD83718000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1847525540.000001CD83728000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903138023.000001CD83720000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://foo/bar.tgz1A70mZfanW.exe, 00000002.00000002.1905263865.000001CD85EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://httpbin.org/1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://wwww.certigna.fr/autorites/1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86387000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885438944.000001CD863AA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884373276.000001CD86386000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz1A70mZfanW.exe, 00000002.00000003.1891805865.000001CD85C96000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1887443405.000001CD85C92000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1878982832.000001CD85C87000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882834721.000001CD85C88000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850760786.000001CD85FF2000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850760786.000001CD86031000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889440369.000001CD85C92000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892578715.000001CD85C96000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874224410.000001CD85BF8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884747073.000001CD85C91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://docs.python.org/3/reference/import.html#finders-and-loaders1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                        high
                                                                                                        https://img.shields.io/badge/skeleton-2024-informational1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                          high
                                                                                                          http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l5351A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881251191.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886600344.000001CD860EB000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy1A70mZfanW.exe, 00000002.00000003.1880287474.000001CD836D0000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880343602.000001CD836D2000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884769269.000001CD8372B000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881672516.000001CD836E5000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1890631596.000001CD83719000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1893702419.000001CD8371C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882204430.000001CD83718000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1847525540.000001CD83728000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903138023.000001CD83720000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-761A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879242004.000001CD83735000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1895891335.000001CD8373C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881251191.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905677217.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1883173070.000001CD8373C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1888897149.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889887165.000001CD860E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://crl.securetrust.com/STCA.crl1A70mZfanW.exe, 00000002.00000003.1880102241.000001CD85B20000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880062257.000001CD85AD6000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1904799419.000001CD85B22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://wwwsearch.sf.net/):1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880230617.000001CD86271000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86250000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882666047.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1874364133.000001CD86293000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886251310.000001CD86272000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889529982.000001CD86222000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906011880.000001CD86229000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889610765.000001CD86227000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906256437.000001CD86285000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879928277.000001CD86266000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt01A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86384000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882288098.000001CD856B9000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903819135.000001CD856BA000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884612469.000001CD86369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.accv.es/legislacion_c.htm1A70mZfanW.exe, 00000002.00000003.1879242004.000001CD83735000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884452358.000001CD83748000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tools.ietf.org/html/rfc6125#section-6.4.31A70mZfanW.exe, 00000002.00000002.1907202997.000001CD86AD8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://cffi.readthedocs.io/en/latest/using.html#callbacks1A70mZfanW.exe, 1A70mZfanW.exe, 00000002.00000002.1912707294.00007FFBAB42B000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                                                            high
                                                                                                                            http://crl.xrampsecurity.com/XGCA.crl01A70mZfanW.exe, 00000002.00000003.1885373683.000001CD86230000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86230000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880042212.000001CD8622F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tools.ietf.org/html/rfc52341A70mZfanW.exe, 00000002.00000003.1879546034.000001CD86067000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86045000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1883317912.000001CD8607E000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891454242.000001CD860C2000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889126596.000001CD86085000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1907103713.000001CD86914000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.cert.fnmt.es/dpcs/1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86045000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885352121.000001CD86379000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1885415216.000001CD86049000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1887373144.000001CD86052000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884612469.000001CD86369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://crl4.dig1A70mZfanW.exe, 00000000.00000003.1839504274.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://setuptools.pypa.io/en/latest/pkg_resources.html1A70mZfanW.exe, 00000002.00000003.1849926799.000001CD85B74000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1850234938.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1849872538.000001CD85BD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://google.com/mail1A70mZfanW.exe, 00000002.00000003.1894232238.000001CD860F4000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882071875.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882666047.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889529982.000001CD86222000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906011880.000001CD86229000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879271972.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889610765.000001CD86227000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1888897149.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880761648.000001CD86221000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://img.shields.io/pypi/v/importlib_metadata.svg1A70mZfanW.exe, 00000000.00000003.1844761726.0000022D7FE68000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://packaging.python.org/specifications/entry-points/1A70mZfanW.exe, 00000002.00000002.1907103713.000001CD868B0000.00000004.00001000.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1906901058.000001CD865B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/jaraco/jaraco.functools/issues/51A70mZfanW.exe, 00000002.00000003.1850862525.000001CD8577D000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905263865.000001CD85EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.accv.es001A70mZfanW.exe, 00000002.00000003.1885191485.000001CD86384000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1903265149.000001CD83749000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879075727.000001CD86362000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880806266.000001CD83745000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1879242004.000001CD83735000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884452358.000001CD83748000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1881638021.000001CD86363000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1884612469.000001CD86369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py1A70mZfanW.exe, 00000002.00000002.1903138023.000001CD83720000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.rfc-editor.org/info/rfc72531A70mZfanW.exe, 00000002.00000003.1879271972.000001CD860E8000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882980939.000001CD860FE000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000002.1905829434.000001CD8614A000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891113281.000001CD8613C000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1892093789.000001CD86145000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1882551931.000001CD860F3000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1889724060.000001CD86125000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1886972398.000001CD86122000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1891539459.000001CD86143000.00000004.00000020.00020000.00000000.sdmp, 1A70mZfanW.exe, 00000002.00000003.1880619547.000001CD860F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://bugs.python.org/issue23606)1A70mZfanW.exe, 00000002.00000002.1906901058.000001CD865B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            No contacted IP infos
                                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                            Analysis ID:1578941
                                                                                                                                                                                                            Start date and time:2024-12-20 16:54:57 +01:00
                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                            Overall analysis duration:0h 7m 25s
                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                            Number of analysed new started processes analysed:5
                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                            Sample name:1A70mZfanW.exe
                                                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                                                            Original Sample Name:1cfbf03308f79ad07e0d303a0b3c9b6e.exe
                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                            Classification:mal72.troj.evad.winEXE@6/87@1/0
                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                            • Successful, ratio: 80%
                                                                                                                                                                                                            • Number of executed functions: 93
                                                                                                                                                                                                            • Number of non-executed functions: 179
                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                            • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 20.190.181.0, 20.190.181.5, 20.190.181.3, 40.126.53.14, 40.126.53.6, 40.126.53.11, 40.126.53.15, 40.126.53.19, 20.189.173.22, 20.109.210.53
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                            • VT rate limit hit for: 1A70mZfanW.exe
                                                                                                                                                                                                            No simulations
                                                                                                                                                                                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI35802\Cryptodome\Cipher\_ARC4.pyd | Ei5hvT55El.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, PureLog Stealer, Vidar, Xmrig | Browse |
 | file.exe | Get hash | malicious | Amadey | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | SecurityUpdate.exe | Get hash | malicious | Unknown | Browse |
 | SnapshotLogExtractor.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                                                          Entropy (8bit):4.634028407547307
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:z8MwxTCa5Xv7BelL7u1R/r8qJ7pfpsPG6QEYHGBp5WCmNniHisDJ9UFv4:zTwxTltlelL7urFfUQa5NmYjDLU
                                                                                                                                                                                                                          MD5:BA43C9C79B726F52CD3187231E3A780F
                                                                                                                                                                                                                          SHA1:EC0538F8F32F3C58CB7430E82C416B44C0B03D12
                                                                                                                                                                                                                          SHA-256:7B5E1F955E198278A39B94F6AC18D49CEE21B99C8A951DE722FF99A153162A0B
                                                                                                                                                                                                                          SHA-512:A74056F9D853B2F020800D9DB0C1C50AD704E5DBD6B9A0A169E1BCC6299AB02E5D1F6A9C0A4FEBE9E14D8FE3264D836E67ADCD1AD2F1C380FED4A98A48E3F3E3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: Ei5hvT55El.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: SecurityUpdate.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: SnapshotLogExtractor.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.010720322611065
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:EUBpDmr37utd9PHv2DznuRGMeS4JUHNDLUYd:mDit6DCVn4WZUW
                                                                                                                                                                                                                          MD5:991AA4813AF0ADF95B0DF3F59879E21C
                                                                                                                                                                                                                          SHA1:E44DB4901FFBBB9E8001B5B3602E59F6D2CCC9C8
                                                                                                                                                                                                                          SHA-256:5B86D84DA033128000D8BC00A237AB07D5FF75078216654C224854BEC0CD6641
                                                                                                                                                                                                                          SHA-512:C6A9DB8338330AB45A8522FBEF5B59374176AC4BF2C0BAE6471AA6FA4710B7EFE20E9331BA542FA274D32DE623A0B578A1A048765F000F74B1608FFA05E5C550
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                                                          Entropy (8bit):5.030943993303202
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:fhgUBpDmr37utd9PVv2Jnl0Ne3erKr5okiy0Y23RAr2Z9lkNCqDLU/:sDitwJooNiyX2hUA9f0U/
                                                                                                                                                                                                                          MD5:43C8516BE2AE73FB625E8496FD181F1C
                                                                                                                                                                                                                          SHA1:6D38E8EE6D38759FDBA6558848DA62BB3FB51EC8
                                                                                                                                                                                                                          SHA-256:3A1ACFA87110ACE2F8B8F60B03E264F22E2B7E76B53AD98C3B260686B1C27C57
                                                                                                                                                                                                                          SHA-512:B8DCD4875EF7759DA1F8B96FC85DAC8910720C8168F09AC52DAF85C637955274093530406BE2A58EF237BFAB8CCDF4F06F96EBA7ADFC4F413CBF0E5A7D447774
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):35840
                                                                                                                                                                                                                          Entropy (8bit):6.5985845002689825
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:ZOISQpPUUllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52E0H680xz4e:nLh7JbH1G4sS4j990th9VQFI
                                                                                                                                                                                                                          MD5:DACF0299F0ACD196C0B0C35440C9CF78
                                                                                                                                                                                                                          SHA1:CFFD37FE04854D60E87058B33CA313F532879BF7
                                                                                                                                                                                                                          SHA-256:1199152F31FC5179FD39733B6B7D60B7F4A7269FE28CBC434F87FA53810B305D
                                                                                                                                                                                                                          SHA-512:7FFA5A8979F4258968E37540348E62FD22C795981F4AA9A6962DDEC17CEC8265EC7A7FF7EE4A2EBADF4DA35062972E4C7ADF7C8D4031B60AE218872807E092D9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                                                          Entropy (8bit):5.181873142782463
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:9Ee15je/I3TuvPfB1LeLi2jcXdq2QdeJgDZETDRcYcaKAADLU5YUod:992Y6/B1KL4XdQdggDZ8EU5YUm
                                                                                                                                                                                                                          MD5:5D1CAEEDC9595EC0A30507C049F215D7
                                                                                                                                                                                                                          SHA1:B963E17679A0CB1EFDC388B8218BE7373DE8E6CC
                                                                                                                                                                                                                          SHA-256:A5C4143DDFA6C10216E9467A22B792541096E222EFE71C930A5056B917E531A0
                                                                                                                                                                                                                          SHA-512:BE8471BE53AFA1EDCAA742B7D1D4222D15D4682BA8E1F8376FC65C46CCC5FE0890D24BBAFB6616F625D5D37A087762317EBAA4AE6518443E644FA01EBC4496E5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                                                          Entropy (8bit):5.400580637932519
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:rEJe0rPeLTuUt4/wgroOCouz7ucc9dJ7oAAokDLU45Gc:3mUGr9n6769laU45
                                                                                                                                                                                                                          MD5:4795B16B5E63AEE698E8B601C011F6E6
                                                                                                                                                                                                                          SHA1:4AA74966B5737A818B168DA991472380FE63AD3E
                                                                                                                                                                                                                          SHA-256:78DB7D57C23AC96F5D56E90CFB0FBB2E10DE7C6AF48088354AA374709F1A1087
                                                                                                                                                                                                                          SHA-512:73716040ECF217E41A34FADEA6046D802982F2B01D0133BFD5C215499C84CB6D386AF81235CA21592722F57EA31543D35B859BE2AF1972F347C93A72131C06C2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                          Entropy (8bit):6.159203027693185
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:iUpJ7Grjup/vx81AguKUiZA3OkJYkO8d3KobfoHJAyZJg8D0KThxA+rAQE+tnJi8:I2XKAs3ZArTvHbgpJgLa0Mp83xhUoz
                                                                                                                                                                                                                          MD5:9F33973B19B84A288DF7918346CEC5E4
                                                                                                                                                                                                                          SHA1:A646146337225D3FA064DE4B15BF7D5C35CE5338
                                                                                                                                                                                                                          SHA-256:DC86A67CFF9CB3CC763AAAB2D357EC6DBC0616A5DFC16EBE214E8E2C04242737
                                                                                                                                                                                                                          SHA-512:D7FFA4A640EBD2C9121DBD1BA107B5D76C0385524C4F53DE6FDA1BB0EC16541CEF1981F7E1DAA84F289D4A7D566B0620690AF97AF47F528BBF5B2CD6E49FE90C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):24576
                                                                                                                                                                                                                          Entropy (8bit):6.493034619151615
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:pksGDsFSQkHUleKaZXmrfXA+UA10ol31tuXOQkUdT:kTK0K4XmrXA+NNxW+Ud
                                                                                                                                                                                                                          MD5:89D4B1FC3A62B4A739571855F22E0C18
                                                                                                                                                                                                                          SHA1:F0F6A893A263EEEB00408F5F87DC9ABB3D3259A6
                                                                                                                                                                                                                          SHA-256:3832F95FE55D1B4DA223DF5438414F03F18D5EF4AAFD285357A81E4ED5AD5DA1
                                                                                                                                                                                                                          SHA-512:20C713564C0658FD7A26F56BF629B80FCB4E7F785E66A00163933D57C8E5A344F6B0476F7395A6D8A526D78A60C85884CEFF6B3F812A8EE07E224C9E91F878C1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):4.700268562557766
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:zh05p7mr3Tutd9PUv2anKfI1ve86rYDLUa:tD6t/GKfevTTUa
                                                                                                                                                                                                                          MD5:73DD025BFA3CFB38E5DAAD0ED9914679
                                                                                                                                                                                                                          SHA1:65D141331E8629293146D3398A2F76C52301D682
                                                                                                                                                                                                                          SHA-256:C89F3C0B89CFEE35583D6C470D378DA0AF455EBD9549BE341B4179D342353641
                                                                                                                                                                                                                          SHA-512:20569F672F3F2E6439AFD714F179A590328A1F9C40C6BC0DC6FCAD7581BC620A877282BAF7EC7F16AAA79724BA2165F71D79AA5919C8D23214BBD39611C23AED
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                                                          Entropy (8bit):4.99372428436515
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:Dardk3qQb3GukBPZCLfSQl+x5DLUzbgd6:dNzFkHCLKUzbO
                                                                                                                                                                                                                          MD5:E87AAC7F2A9BF57D6796E5302626EE2F
                                                                                                                                                                                                                          SHA1:4B633501E76E96C8859436445F38240F877FC6C6
                                                                                                                                                                                                                          SHA-256:97BF9E392D6AD9E1EC94237407887EA3D1DEC2D23978891A8174C03AF606FD34
                                                                                                                                                                                                                          SHA-512:108663F0700D9E30E259A62C1AE35B23F5F2ABD0EFF00523AAE171D1DB803DA99488C7395AFD3AD54A242F0CB2C66A60E6904D3E3F75BB1193621FD65DF4AD5C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                                                          Entropy (8bit):5.274628449067808
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:ktVGzeoI3DuzPpcAdXdO57EEE/quBiFElcUNIDLUnF6+ud:nNYqFcAdXdDqurIUnUp
                                                                                                                                                                                                                          MD5:F3F30D72D6D7F4BA94B3C1A9364F1831
                                                                                                                                                                                                                          SHA1:46705C3A35C84BF15CF434E2607BDDD18991E138
                                                                                                                                                                                                                          SHA-256:7820395C44EAB26DE0312DFC5D08A9A27398F0CAA80D8F9A88DEE804880996FF
                                                                                                                                                                                                                          SHA-512:01C5EA300A7458EFE1B209C56A826DF0BF3D6FF4DD512F169D6AEE9D540600510C3249866BFB991975CA5E41C77107123E480EDA4D55ECCB88ED22399EE57912
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):56832
                                                                                                                                                                                                                          Entropy (8bit):4.23001088085281
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:m3gj0/sz71dv/ZHkVnYcZiGKdZHDLIK4vnKAnKorZOzUbq+K9:7jssHZHTr4vZHb69
                                                                                                                                                                                                                          MD5:020A1E1673A56AF5B93C16B0D312EF50
                                                                                                                                                                                                                          SHA1:F69C1BB224D30F54E4555F71EA8CAD4ACB5D39BC
                                                                                                                                                                                                                          SHA-256:290B3ED6151B7BF8B7B227EF76879838294F7FF138AF68E083C2FDDC0A50E4FC
                                                                                                                                                                                                                          SHA-512:71B5ED33B51F112896BB59D39B02010B3ABC02B3032BD17E2AA084807492DA71BDE8F12ADEF72C6CC0A5A52D783CD7595EEC906C394A21327ADAB2927E853B1F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):57344
                                                                                                                                                                                                                          Entropy (8bit):4.2510443883540265
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:wVgj0/sKzNweVC/ZHkNnYcZiGKdZHDLaK0vnKAnKLrZVwUbqeo:njsskKZHLR0vZmbx
                                                                                                                                                                                                                          MD5:EC55478B5DD99BBE1EBA9D6AD8BDE079
                                                                                                                                                                                                                          SHA1:EC730D05FEEC83B1D72784C2265DC2E2CF67C963
                                                                                                                                                                                                                          SHA-256:1AF46CBE209E3F1D30CCC0BA9F7E5A455554CAF8B1E3E42F9A93A097D9F435AC
                                                                                                                                                                                                                          SHA-512:55FE28E839117A19DF31165FEA3DED3F9DFC0DDA16B437CF274174E9AE476C0E5B869FFB8B2CF1880189BFAC3917E8D7078FA44FC96CFF18DC6EAC7AFA7A8F48
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                          Entropy (8bit):4.689882120894326
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:5D8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QxmFWymc3doBKumsLVsDJ9UKvL:lTdJTlDmNelrzuLFf0Qg4yxlumQCDLU
                                                                                                                                                                                                                          MD5:93DA52E6CE73E0C1FC14F7B24DCF4B45
                                                                                                                                                                                                                          SHA1:0961CFB91BBCEE3462954996C422E1A9302A690B
                                                                                                                                                                                                                          SHA-256:DDD427C76F29EDD559425B31EEE54EB5B1BDD567219BA5023254EFDE6591FAA0
                                                                                                                                                                                                                          SHA-512:49202A13D260473D3281BF7CA375AC1766189B6936C4AA03F524081CC573EE98D236AA9C736BA674ADE876B7E29AE9891AF50F1A72C49850BB21186F84A3C3AB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                                          Entropy (8bit):6.2360102418962855
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:42XHEtPwbdvIbwKBBEHYpJgLa0Mp8u9sLgU:jHMobBiB+HqgLa1Kx
                                                                                                                                                                                                                          MD5:3D34E2789682844E8B5A06BE3B1C81BF
                                                                                                                                                                                                                          SHA1:0141D82B4B604E08E620E63B8257FB6A1E210CAF
                                                                                                                                                                                                                          SHA-256:40B1A6F1318C565E985AFFB8DF304991E908AB1C36C8E960E7AC177E3002FCA0
                                                                                                                                                                                                                          SHA-512:886780D6CE3F2955C8FAC38F75DC3A2E017F68ED8FCC75BAA6D74A5E4018CFBF2B99F59D0DBFA5D2728EB1AD7F3F8FE54F0AD3F29D74AFC43E2CDC1A21F889C4
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                                                          Entropy (8bit):5.285518610964193
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:txQrFBe/i+/puqeXOv3oTezczeO9p9iYDWYLJzUn:Q5B8txuqeXOfoTezcSO9pUY1JY
                                                                                                                                                                                                                          MD5:194D1F38FAB24A3847A0B22A120D635B
                                                                                                                                                                                                                          SHA1:A96A9DF4794CDA21E845AAFE2D5ACD5A40A9C865
                                                                                                                                                                                                                          SHA-256:FCC68F211C6D2604E8F93E28A3065F6E40F1E044C34D33CC8349EB3873559A0C
                                                                                                                                                                                                                          SHA-512:07324B03B7DD804090B00BC62C41162FD1788AE3C8450BCA25D63BF254009D04A7ACDF7ACFAF473A3D1BE1FA58B0007FA35D8E486F90C9B48384C035C83B0CCF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):4.696064367032408
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:V05p7mr3Tutd9PUv22NeLfPI5k3bo7tDLUan:tD6t/N4a3bEZUan
                                                                                                                                                                                                                          MD5:0628DC6D83F4A9DDDB0552BD0CC9B54C
                                                                                                                                                                                                                          SHA1:C73F990B84A126A05F1D32D509B6361DCA80BC93
                                                                                                                                                                                                                          SHA-256:F136B963B5CEB60B0F58127A925D68F04C1C8A946970E10C4ABC3C45A1942BC7
                                                                                                                                                                                                                          SHA-512:78D005A2FEC5D1C67FC2B64936161026F9A0B1756862BAF51EAF14EDEE7739F915D059814C8D6F66797F84A28071C46B567F3392DAF4FF7FCDFA94220C965C1A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                                                          Entropy (8bit):5.219784380683583
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:305p7mr3Tutd9Pwv2e42bF7i+V2rQnjt1wmg9jN+mp23XDLUk:rD6tTephi+AojO9jbQHUk
                                                                                                                                                                                                                          MD5:59F65C1AD53526840893980B52CD0497
                                                                                                                                                                                                                          SHA1:E675A09577C75D877CB1305E60EB3D03A4051B73
                                                                                                                                                                                                                          SHA-256:2DF02E84CFD77E91D73B3551BDDA868277F8AE38B262FA44528E87208D0B50FC
                                                                                                                                                                                                                          SHA-512:5E9782793A8BB6437D718A36862C13CDE5E7E3780E6F3E82C01F7B2F83EBBDB63F66B3C988FA8DEF36077F17FA1F6C2C77A82FABBD7C17D1568E7CEA19E7EDD6
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.171175600505211
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:O05p7mr3Tutd9Pwv2aKbxdcgatX1WmkaA09L9kDLUhX:MD6tTZgtX15kanYU
                                                                                                                                                                                                                          MD5:4D8230D64493CE217853B4D3B6768674
                                                                                                                                                                                                                          SHA1:C845366E7C02A2402BA00B9B6735E1FAD3F2F1EF
                                                                                                                                                                                                                          SHA-256:06885DC99A7621BA3BE3B28CB4BCF972549E23ACF62A710F6D6C580AABA1F25A
                                                                                                                                                                                                                          SHA-512:C32D5987A0B1DED7211545CB7D3D7482657CA7D74A9083D37A33F65BBE2E7E075CB52EFAEEA00F1840AB8F0BAF7DF1466A4F4E880ABF9650A709814BCEE2F945
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.171087190344686
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:ajJzPAI2p3C2p+EhKnLg9yH8puzoFaPERIQAVqYU:GITp3pp+EhmLg9yH8puzoFaPERIQp
                                                                                                                                                                                                                          MD5:4B4831FCFCA23CEBEC872CCCCE8C3CE1
                                                                                                                                                                                                                          SHA1:9CA26A95C31E679B0D4CFEDEACEA38334B29B3F3
                                                                                                                                                                                                                          SHA-256:75250C7B7EE9F7F944D9C23161D61FE80D59572180A30629C97D1867ECF32093
                                                                                                                                                                                                                          SHA-512:7218D67A78EBC76D1AA23AEDDF7B7D209A9E65D4A50FD57F07680953BDF40E42B33D3D6388119B54E3948DA433D0F895BCC0F98E6D1AF4B9821AEFE2300C7EA0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.0894476079532565
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:ZE4+jfKIb3gudUPpwVp1sAD7I/9hAkeTOre5QDLU+db:CjJzPQwVp1sAD7KvpUv5uUob
                                                                                                                                                                                                                          MD5:642B9CCEA6E2D6F610D209DC3AACF281
                                                                                                                                                                                                                          SHA1:8F816AA1D94F085E2FE30A14B4247410910DA8F9
                                                                                                                                                                                                                          SHA-256:E5DFB0A60E0E372AE1FF4D0E3F01B22E56408F0F9B04C610ECEF2A5847D6D879
                                                                                                                                                                                                                          SHA-512:A728E2F6264A805CE208FEB24600D23EC04C7D17481A39B01F90E47D82CF6C369D6151BB4170D993BE98CEFE8E6BDF2044CF0DC623BAE662C5584812875FC3B8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                                                          Entropy (8bit):5.432796797907171
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:N9FZ/KFjb3OuTPU84At56BTBvzcuiDSjeoGIQUPTrLFDLUEPLdN:/wztA8Tt5OwuiDSyoGPmXdUEPB
                                                                                                                                                                                                                          MD5:180017650B62058058CB81B53540A9BF
                                                                                                                                                                                                                          SHA1:696EECA75621B75BC07E2982EB66D61A1DFECDB6
                                                                                                                                                                                                                          SHA-256:8146110D92B2F50B3EB02557BE6EE4586EEC1A2AD7204B48A4F28B8859FE6E29
                                                                                                                                                                                                                          SHA-512:9AD447F0B15639C1FA3300E80EC5B175589930CB9166CF108FAFA74093CE791E1FF55CF6686ABF090A8B44BA6B743FEEBA270F378ED405F15418406AB8D01E9B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                                                          Entropy (8bit):5.099895592918567
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:s05p7mr3Tutd9Pgv239k9UgPKsVQJukk7+rDLU8:OD6tD3G9tPKsVQJuUDU
                                                                                                                                                                                                                          MD5:11F184E124E91BE3EBDF5EAF92FDE408
                                                                                                                                                                                                                          SHA1:5B0440A1A2FBD1B21D5AF7D454098A2B7C404864
                                                                                                                                                                                                                          SHA-256:F9220CA8A1948734EC753B1ADA5E655DAF138AF76F01A79C14660B2B144C2FAE
                                                                                                                                                                                                                          SHA-512:37B3916A5A4E6D7052DDB72D34347F46077BDF1BA1DCF20928B827B3D2C411C612B4E145DFE70F315EA15E8F7F00946D26E4728F339EDDF08C72B4E493C56BC3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                                                          Entropy (8bit):5.65813713656815
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:Bj51JwTx7uuj/krY1ZLhGZo2R1J+0eDPSgkNZuOdlptvTLLB5b+vDLUE+Ea:sxQr89hTOJ+0QPSfu6rlZ+/UE+
                                                                                                                                                                                                                          MD5:51A01A11848322AC53B07D4D24F97652
                                                                                                                                                                                                                          SHA1:141097D0F0F1C5432B1F1A571310BD4266E56A6D
                                                                                                                                                                                                                          SHA-256:E549A4FE85759CBFC733ECF190478514B46ECA34EDA2370F523328F6DC976F30
                                                                                                                                                                                                                          SHA-512:23281BE77496AF3A6507B610191AF5AA005C974F27129073FD70D51E82A5D3E55FB8C7FF28CF1886B55E264B736AB506EE0D97210E764EB1618C74DE2B44E64A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                                          Entropy (8bit):5.882538742896355
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:lRlEGHXgKXqHGcvYHp5RYcARQOj4MSTjqgPmEO2vUk:NdHXgP/YtswvdUk
                                                                                                                                                                                                                          MD5:B20D629142A1354BA94033CAC15D7D8C
                                                                                                                                                                                                                          SHA1:CD600F33D5BC5FA3E70BDF346A8D0FB935166468
                                                                                                                                                                                                                          SHA-256:147CE6747635B374570D3A1D9FCAB5B195F67E99E34C0F59018A3686A07A3917
                                                                                                                                                                                                                          SHA-512:72EFD1C653732FB620787B26D0CA44086405A070EC3CD4BBA5445854C5D7DDE6D669060845D093A1FC2593ED6E48630344FA6F0AF685186FB554D8BB9BC97AA0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                                          Entropy (8bit):5.88515673373227
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:ARlEGHXiKXqHGcvYHp5RYcARQOj4MSTjqgPmEm9Uk:SdHXiP/YtswvdVk
                                                                                                                                                                                                                          MD5:6FF2518A93F7279E8FDAC0CE8DE4BF3F
                                                                                                                                                                                                                          SHA1:77F4713D4F287E2950C06A0EF2F8C7C8D53BABDD
                                                                                                                                                                                                                          SHA-256:27B4DB005685D8E31E37BD632767D5FFC81818D24B622E3D25B8F08F43E29B57
                                                                                                                                                                                                                          SHA-512:26A8448D34F70AF62D702851B8353708FB3A1B984CBDC1D2EABE582CAAD8D56B0A835A4C914EB7824DADCF62E83B84D3A669C06ACAF0E1001EB66F85BC5D0377
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                                                          Entropy (8bit):5.843159039658928
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:2HJh9k54Stui0gel9soFdkO66MlPGXmXcCkyk:2H6Ju/FZ6nPxM6k
                                                                                                                                                                                                                          MD5:8B59C61BB3A3ADFBB7B8C39F11B8084B
                                                                                                                                                                                                                          SHA1:49595C3F830422FEF88D8FBAF003F32EF25501CE
                                                                                                                                                                                                                          SHA-256:FBD9CDD873EAFAD3C03C05FFEB0D67F779C2D191389351FE2D835E7D8ECA534F
                                                                                                                                                                                                                          SHA-512:6FEDCC8631723B63D3D8CAD6D57953EB356C53814FD6F1ECA6299E2A5272F67C58090D339B5E6BB1DA15F7BEB451FCC9A41129AB7F578155A17BBE0C1D385AA6
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                                                          Entropy (8bit):5.896939915107
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:VxpB9/i4z5tui0gel9soFdkO66MlPGXmXcPtOJkw:Vx11u/FZ6nPxM8k
                                                                                                                                                                                                                          MD5:6A84B1C402DB7FE29E991FCA86C3CECF
                                                                                                                                                                                                                          SHA1:FC62477E770F4267C58853C92584969B2F0FEBE2
                                                                                                                                                                                                                          SHA-256:CF8FD7B6BBC38FE3570B2C610E9C946CD56BE5D193387B9146F09D9B5745F4BC
                                                                                                                                                                                                                          SHA-512:B9D1195429E674778A90262E0A438B72224B113B7222535DAA361222DEE049C9929481D6E1138117655EAE9B2735D51638209A6EF07963F5249AD74F0BFD75C6
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12800
                                                                                                                                                                                                                          Entropy (8bit):4.957384431518367
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:PUBpDmr37utd9PHv2O3sER2fi2s4DLUgdLl:zDit6O3sa4XUO
                                                                                                                                                                                                                          MD5:1D49E6E34FE84C972484B6293CC2F297
                                                                                                                                                                                                                          SHA1:3A799DB7102912DA344112712FD2236A099C7F5E
                                                                                                                                                                                                                          SHA-256:B2FD9F57815B3F7FFC3365D02510B88DBE74AB1EFF8BE9099DC902412057244D
                                                                                                                                                                                                                          SHA-512:CAD8FCC78006D643590C3D784C2DF051B8C448DE457B41507F031C9D7891036AD3F8E00B695D92F5138C250B2426A57C16F7293237054A245FF08B26AD86CF25
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                                                          Entropy (8bit):5.014628606839607
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:lUBpDmr37utd9PVv27c0qKzLF4DHxXUcDLU/:9DitwzvV4DREiU/
                                                                                                                                                                                                                          MD5:CDD1A63E9F508D01EEBEE7646A278805
                                                                                                                                                                                                                          SHA1:3CB34B17B63F2F61C2FA1B1338D0B94CF9EE67AF
                                                                                                                                                                                                                          SHA-256:AB96945D26FEF23EF4B12E1BD5B1841CFECB8B06AB490B436E3F1A977A7F5E8B
                                                                                                                                                                                                                          SHA-512:5F136D8EBFE6AC43846C4820FF8A3C81D991FCACC219C23DDD0674E75B930A1A948D02925BCC7BD807F5A68F01F65B35037B8A193143EB552D224E1DD906C158
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                                                          Entropy (8bit):5.243633265407984
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:QUN0iKNb3NuUPyxfFNhoCoK7e+TcBXJ2kMQ75i6nElDLUH:dYz8JpF39oK6+QBXJ2k775NKU
                                                                                                                                                                                                                          MD5:57A49AC595084A19516C64079EE1A4C7
                                                                                                                                                                                                                          SHA1:4B188D0E9965AB0DA8D9363FC7FEEE737DF81F74
                                                                                                                                                                                                                          SHA-256:D7DA3DC02AC4685D3722E5AF63CA1A8857D53454D59CF64C784625D649897D72
                                                                                                                                                                                                                          SHA-512:693989D01070835DC9D487C904F012EE5BE72219E1EEAEC56EE3BC35659192714D8F538BEA30F4849B3A3D4BCF24705EDFE84AD2742F6C8562F6C6215F7917BE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                                                          Entropy (8bit):5.253962925838046
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:t39lJPKBb3+ujPH/41fPnVSEsV3+ldpCArU8vOjpDLUFDdA:V9wzdz/afPCV3YdjdvMUFpA
                                                                                                                                                                                                                          MD5:C19895CE6ABC5D85F63572308BD2D403
                                                                                                                                                                                                                          SHA1:6B444E59112792B59D3BA4F304A30B62EEBD77FA
                                                                                                                                                                                                                          SHA-256:1BCA3479A4CC033E8BC3B4DD8DCC531F38E7B7FE650A7DA09120CCAC100D70A4
                                                                                                                                                                                                                          SHA-512:D8D493D51DE052F2A0BB18C4CD6F5E15AB5D5CCB3276D38DDA44382746656618560878359D6C95A76B223CBD4B2CD39C817EC7FC3108EED5D541CF4BD95AAA14
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                          Entropy (8bit):5.913715253597897
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:4ea6OoLEx/fpMgEXNSNk/IppSQDLw16UADNIz7Izy+3O3nCpDN+cGJVtV81UpSu8:44OoMpMgqSpz41ht7EOeYcUV4ipwr
                                                                                                                                                                                                                          MD5:150F31A18FDCCB30695E8A11B844CB9A
                                                                                                                                                                                                                          SHA1:85A333C8A866AAFBF6B3766CED0B7079A2358C42
                                                                                                                                                                                                                          SHA-256:D26D543EFC9A6C3D5BA52FFC55965A2C3DBB7E634776EF6C1789E5DF8E4DF3E5
                                                                                                                                                                                                                          SHA-512:DDFE93CBE315E060A8F0B3863A1675D8F156BF84F157CD7BCBD7EC57F88C72DD21E6C2A5077A142D828DAD0C40149EE4064C34E6EE26787A8B32D4AC9A18E1CA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):4.725087774300977
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:N942/KIb3bu95Pp2abc64uVNn4DLUOVdB:FJzCxl464aGUOf
                                                                                                                                                                                                                          MD5:66052F3B3D4C48E95377B1B827B959BB
                                                                                                                                                                                                                          SHA1:CF3F0F82B87E67D75B42EAAB144AE7677E0C882E
                                                                                                                                                                                                                          SHA-256:C9A6A7D7CE0238A8D03BCC1E43FD419C46FAEA3E89053355199DEDF56DADAFA4
                                                                                                                                                                                                                          SHA-512:9A7F45CE151890032574ED1EF8F45640E489987DC3AF716E5D7F31127BA3675E1F4C775229184C52D9A3792DF9CB2B3D0D3BE079192C40E900BA0CC69E8E3EE5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):748032
                                                                                                                                                                                                                          Entropy (8bit):7.627003962799197
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:b3HtKHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:b3NKHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                          MD5:B96D4854F02D932D9D84DB7CE254C85A
                                                                                                                                                                                                                          SHA1:61F8F284EEB65B21A5373DA85270802B9E0ABBF4
                                                                                                                                                                                                                          SHA-256:E73BC5D362A1439FD87BF3901D5B2D4534B50E3B935C841F25D3C49BF3D4D7EE
                                                                                                                                                                                                                          SHA-512:1FDE226034F48B29143E1B3042FB42C91BE8DE5DDC53B2F2FA3DAB1CCA99FB34AF3A8FB57B0CB5B152943BE156B4521DAE04FB80B08EC04A3F371E30D137297A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                          Entropy (8bit):4.662736103035243
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:5y8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6Q9qHaGi0oYAsDJ9UqvA:0TdJTlDmNelrzuLFf0Qd03DLU
                                                                                                                                                                                                                          MD5:E17F1BA35CF28FA1DDA7B1EC29573E0E
                                                                                                                                                                                                                          SHA1:6EB63305E38BD75931E3325E0C3F58F7CB3F2AD0
                                                                                                                                                                                                                          SHA-256:D37CCB530F177F3E39C05B0CA0A70661B2541CCAF56818DAD4FCF336EEED3321
                                                                                                                                                                                                                          SHA-512:8E7AF8712592084178E3B93FE54E60AC32A774D151896AFEE937CDB3BB9F629F4B597F85AF9B56A1C14612121357FC0DDAA45E71D91B13C36E88292D3050A1B9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                          Entropy (8bit):4.620728904455609
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:5Z8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QgcfPPYdsDJ9UKvb:nTdJTlDmNelrzuLFf0Q5P3DLU
                                                                                                                                                                                                                          MD5:3369F9BB8B0EE93E5AD5B201956DC60F
                                                                                                                                                                                                                          SHA1:A5B75CBD6CE905A179E49888E798CD6AE9E9194D
                                                                                                                                                                                                                          SHA-256:5940E97E687A854E446DC859284A90C64CF6D87912C37172B8823A8C3A7B73DF
                                                                                                                                                                                                                          SHA-512:C4E71D683BE64A8E6AB533FA4C1C3040B96D0BE812EA74C99D2D2B5D52470C24B45D55366A7ACB9D8CDA759A618CBAF0D0A7ECFEF4C0954DF89FDB768D9893E2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):98736
                                                                                                                                                                                                                          Entropy (8bit):6.474996871326343
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                                                          MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                                                          SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                                                          SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                                                          SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):64424
                                                                                                                                                                                                                          Entropy (8bit):6.124000794465739
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:r/p7Wh7XUagO7BR4SjavFHx8pIS5nWQ7Sy7o:r/tWhzUahBR4Sjahx8pIS5n5Fo
                                                                                                                                                                                                                          MD5:6EB3C9FC8C216CEA8981B12FD41FBDCD
                                                                                                                                                                                                                          SHA1:5F3787051F20514BB9E34F9D537D78C06E7A43E6
                                                                                                                                                                                                                          SHA-256:3B0661EF2264D6566368B677C732BA062AC4688EF40C22476992A0F9536B0010
                                                                                                                                                                                                                          SHA-512:2027707824D0948673443DD54B4F45BC44680C05C3C4A193C7C1803A1030124AD6C8FBE685CC7AAF15668D90C4CD9BFB93DE51EA8DB4AF5ABE742C1EF2DCD08B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):83368
                                                                                                                                                                                                                          Entropy (8bit):6.530099411242372
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:asRz7qNFcaO6ViD4fhaLRFc/a8kd7jzWHCxIStVs7Sywk:9RzGYYhaY9kd7jzWixIStVs+k
                                                                                                                                                                                                                          MD5:A4B636201605067B676CC43784AE5570
                                                                                                                                                                                                                          SHA1:E9F49D0FC75F25743D04CE23C496EB5F89E72A9A
                                                                                                                                                                                                                          SHA-256:F178E29921C04FB68CC08B1E5D1181E5DF8CE1DE38A968778E27990F4A69973C
                                                                                                                                                                                                                          SHA-512:02096BC36C7A9ECFA1712FE738B5EF8B78C6964E0E363136166657C153727B870A6A44C1E1EC9B81289D1AA0AF9C85F1A37B95B667103EDC2D3916280B6A9488
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):178176
                                                                                                                                                                                                                          Entropy (8bit):6.160618368535074
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:a28mc0wlApJaPh2dEVWkS0EDejc2zSTBcS7EkSTLkKDtJbtb:axTlApohBV1S0usWchkSTLLDDt
                                                                                                                                                                                                                          MD5:2BAAA98B744915339AE6C016B17C3763
                                                                                                                                                                                                                          SHA1:483C11673B73698F20CA2FF0748628C789B4DC68
                                                                                                                                                                                                                          SHA-256:4F1CE205C2BE986C9D38B951B6BCB6045EB363E06DACC069A41941F80BE9068C
                                                                                                                                                                                                                          SHA-512:2AE8DF6E764C0813A4C9F7AC5A08E045B44DAAC551E8FF5F8AA83286BE96AA0714D373B8D58E6D3AA4B821786A919505B74F118013D9FCD1EBC5A9E4876C2B5F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):122792
                                                                                                                                                                                                                          Entropy (8bit):6.021506515932983
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:bsQx9bm+edYe3ehG+20t7MqfrSW08UficVISQPkFPR:QQxCOhGB0tgqfrSiUficrZ
                                                                                                                                                                                                                          MD5:87596DB63925DBFE4D5F0F36394D7AB0
                                                                                                                                                                                                                          SHA1:AD1DD48BBC078FE0A2354C28CB33F92A7E64907E
                                                                                                                                                                                                                          SHA-256:92D7954D9099762D81C1AE2836C11B6BA58C1883FDE8EEEFE387CC93F2F6AFB4
                                                                                                                                                                                                                          SHA-512:E6D63E6FE1C3BD79F1E39CB09B6F56589F0EE80FD4F4638002FE026752BFA65457982ADBEF13150FA2F36E68771262D9378971023E07A75D710026ED37E83D7B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):250280
                                                                                                                                                                                                                          Entropy (8bit):6.547354352688139
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:TogRj7JKM8c7N6FiFUGMKa3xB6Dhj9qWMa3pLW1A64WsqC:tPJKa7N6FEa3x4NlbqC
                                                                                                                                                                                                                          MD5:10F7B96C666F332EC512EDADE873EECB
                                                                                                                                                                                                                          SHA1:4F511C030D4517552979105A8BB8CCCF3A56FCEA
                                                                                                                                                                                                                          SHA-256:6314C99A3EFA15307E7BDBE18C0B49BC841C734F42923A0B44AAB42ED7D4A62D
                                                                                                                                                                                                                          SHA-512:CFE5538E3BECBC3AA5540C627AF7BF13AD8F5C160B581A304D1510E0CB2876D49801DF76916DCDA6B7E0654CE145BB66D6E31BD6174524AE681D5F2B49088419
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):61864
                                                                                                                                                                                                                          Entropy (8bit):6.210920109899827
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:aSz5iGzcowlJF+aSe3kuKUZgL4dqDswE9+B1fpIS5IHYiSyvc9eEdB:npWlJF+aYupZbdqDOgB1fpIS5IH7Sy+V
                                                                                                                                                                                                                          MD5:49CE7A28E1C0EB65A9A583A6BA44FA3B
                                                                                                                                                                                                                          SHA1:DCFBEE380E7D6C88128A807F381A831B6A752F10
                                                                                                                                                                                                                          SHA-256:1BE5CFD06A782B2AE8E4629D9D035CBC487074E8F63B9773C85E317BE29C0430
                                                                                                                                                                                                                          SHA-512:CF1F96D6D61ECB2997BB541E9EDA7082EF4A445D3DD411CE6FD71B0DFE672F4DFADDF36AE0FB7D5F6D1345FBD90C19961A8F35328332CDAA232F322C0BF9A1F9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):158120
                                                                                                                                                                                                                          Entropy (8bit):6.838169661977938
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:MeORg8tdLRrHn5Xp4znfI9mNoY6JCvyPZxsyTxISe1KmDd:M/Rgo1L5wwYOY6MixJKR
                                                                                                                                                                                                                          MD5:B5FBC034AD7C70A2AD1EB34D08B36CF8
                                                                                                                                                                                                                          SHA1:4EFE3F21BE36095673D949CCEAC928E11522B29C
                                                                                                                                                                                                                          SHA-256:80A6EBE46F43FFA93BBDBFC83E67D6F44A44055DE1439B06E4DD2983CB243DF6
                                                                                                                                                                                                                          SHA-512:E7185DA748502B645030C96D3345D75814BA5FD95A997C2D1C923D981C44D5B90DB64FAF77DDBBDC805769AF1BEC37DAF0ECEE0930A248B67A1C2D92B59C250C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):33192
                                                                                                                                                                                                                          Entropy (8bit):6.3186201273933635
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:Y3I65wgJ5xeSZg2edRnJ8ZISRtczYiSyvZCeEdP:gIgJ5Uqg2edRJ8ZISRtcz7Sy0b
                                                                                                                                                                                                                          MD5:71AC323C9F6E8A174F1B308B8C036E88
                                                                                                                                                                                                                          SHA1:0521DF96B0D622544638C1903D32B1AFF1F186B0
                                                                                                                                                                                                                          SHA-256:BE8269C83666EAA342788E62085A3DB28F81512D2CFA6156BF137B13EBEBE9E0
                                                                                                                                                                                                                          SHA-512:014D73846F06E9608525A4B737B7FCCBE2123D0E8EB17301244B9C1829498328F7BC839CC45A1563CF066668EA6E0C4E3A5A0821AB05C999A97C20AA669E9EDA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):48552
                                                                                                                                                                                                                          Entropy (8bit):6.319402195167259
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:9i4KJKYCKlBj7gKxwfZQ7ZlYXF1SVMHE4ftISstDYiSyvM+eEd2:hKJfBuAA1SVWBftISstD7Syti
                                                                                                                                                                                                                          MD5:7E6BD435C918E7C34336C7434404EEDF
                                                                                                                                                                                                                          SHA1:F3A749AD1D7513EC41066AB143F97FA4D07559E1
                                                                                                                                                                                                                          SHA-256:0606A0C5C4AB46C4A25DED5A2772E672016CAC574503681841800F9059AF21C4
                                                                                                                                                                                                                          SHA-512:C8BF4B1EC6C8FA09C299A8418EE38CDCCB04AFA3A3C2E6D92625DBC2DE41F81DD0DF200FD37FCC41909C2851AC5CA936AF632307115B9AC31EC020D9ED63F157
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1164800
                                                                                                                                                                                                                          Entropy (8bit):7.05748889255336
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:8RgySc2phTzucZzdcZ7fUoPTS4ObanoVen42fw5I:BySc2ptScvkosfcI
                                                                                                                                                                                                                          MD5:E4761848102A6902B8E38F3116A91A41
                                                                                                                                                                                                                          SHA1:C262973E26BD9D8549D4A9ABF4B7AE0CA4DB75F0
                                                                                                                                                                                                                          SHA-256:9D03619721C887413315BD674DAE694FBD70EF575EB0138F461A34E2DD98A5FD
                                                                                                                                                                                                                          SHA-512:A148640AA6F4B4EF3AE37922D8A11F4DEF9ECFD595438B9A36B1BE0810BFB36ABF0E01BEE0AA79712AF0D70CDDCE928C0DF5057C0418C4ED0D733C6193761E82
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):30632
                                                                                                                                                                                                                          Entropy (8bit):6.41055734058478
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:lez/Dt36r34krA4eVIS7UAYiSyvAEYeEdSiD:leDE34krA4eVIS7UA7Sy9YLD
                                                                                                                                                                                                                          MD5:23F4BECF6A1DF36AEE468BB0949AC2BC
                                                                                                                                                                                                                          SHA1:A0E027D79A281981F97343F2D0E7322B9FE9B441
                                                                                                                                                                                                                          SHA-256:09C5FAF270FD63BDE6C45CC53B05160262C7CA47D4C37825ED3E15D479DAEE66
                                                                                                                                                                                                                          SHA-512:3EE5B3B7583BE1408C0E1E1C885512445A7E47A69FF874508E8F0A00A66A40A0E828CE33E6F30DDC3AC518D69E4BB96C8B36011FB4EDEDF9A9630EF98A14893B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):77736
                                                                                                                                                                                                                          Entropy (8bit):6.247935524153974
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:C6DucXZAuj19/s+S+pjtk/DDTaVISQwn7SyML:C6DPXSuj19/sT+ppk/XWVISQwneL
                                                                                                                                                                                                                          MD5:E137DF498C120D6AC64EA1281BCAB600
                                                                                                                                                                                                                          SHA1:B515E09868E9023D43991A05C113B2B662183CFE
                                                                                                                                                                                                                          SHA-256:8046BF64E463D5AA38D13525891156131CF997C2E6CDF47527BC352F00F5C90A
                                                                                                                                                                                                                          SHA-512:CC2772D282B81873AA7C5CBA5939D232CCEB6BE0908B211EDB18C25A17CBDB5072F102C0D6B7BC9B6B2F1F787B56AB1BC9BE731BB9E98885C17E26A09C2BEB90
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):97704
                                                                                                                                                                                                                          Entropy (8bit):6.173518585387285
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:GzgMWYDOavuvwYXGqijQaIrlIaiP9NbTp9c4L7ZJkyDpIS5Qux7Syce:NFYqDPSQaIrlI/DbLc2tJkyDpIS5QuxZ
                                                                                                                                                                                                                          MD5:7F61EACBBBA2ECF6BF4ACF498FA52CE1
                                                                                                                                                                                                                          SHA1:3174913F971D031929C310B5E51872597D613606
                                                                                                                                                                                                                          SHA-256:85DE6D0B08B5CC1F2C3225C07338C76E1CAB43B4DE66619824F7B06CB2284C9E
                                                                                                                                                                                                                          SHA-512:A5F6F830C7A5FADC3349B42DB0F3DA1FDDB160D7E488EA175BF9BE4732A18E277D2978720C0E294107526561A7011FADAB992C555D93E77D4411528E7C4E695A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):159144
                                                                                                                                                                                                                          Entropy (8bit):6.002098953253968
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:UhIDGtzShE3z/JHPUE0uev5J2oE/wu3rE923+nuI5Piev9muxISt710Y:UhIqtzShE3zhvyue5EMnuaF9mu3
                                                                                                                                                                                                                          MD5:35F66AD429CD636BCAD858238C596828
                                                                                                                                                                                                                          SHA1:AD4534A266F77A9CDCE7B97818531CE20364CB65
                                                                                                                                                                                                                          SHA-256:58B772B53BFE898513C0EB264AE4FA47ED3D8F256BC8F70202356D20F9ECB6DC
                                                                                                                                                                                                                          SHA-512:1CCA8E6C3A21A8B05CC7518BD62C4E3F57937910F2A310E00F13F60F6A94728EF2004A2F4A3D133755139C3A45B252E6DB76987B6B78BC8269A21AD5890356AD
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):4.922363545317259
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:i+LZ/rJjFTo6VB8rEn/sDWBPKLNmZRsYnGcyLtjNXG:ievLVL/sqBd+lFlG
                                                                                                                                                                                                                          MD5:5BDD23970D9AEBCA8838C0562336A1CF
                                                                                                                                                                                                                          SHA1:B256A34C95A5CB99DBC880F522266E59E71BB701
                                                                                                                                                                                                                          SHA-256:12434F2FE3EF83859DE5E74B0C51407770FFCD4A9219044532804B32E38308FD
                                                                                                                                                                                                                          SHA-512:15E29261C6676ABBACE771BAF248F06A2319CA721046F6788EE5E331C51A75CBE44B2A24F15EC32F0A371D525AA40E439BF0074E5D68D4657BF038114379E7B0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):831926
                                                                                                                                                                                                                          Entropy (8bit):5.700496388184754
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:4EHYKPY+WygVqFcIW6A4a2YCdbVwxDfpEn4jSRMNwW:4EHYMVgyLa2JVwxDfpEn4GMNwW
                                                                                                                                                                                                                          MD5:6CFF73092664831CA9277C6797993C47
                                                                                                                                                                                                                          SHA1:62D17F2BF5785149DF53B5ADBAECC3579A24CFBE
                                                                                                                                                                                                                          SHA-256:A8BE7CE0F18A2E14DADB3FE6CC41EC2962DCE172F4CB4DF4535FF0EC47AEE79D
                                                                                                                                                                                                                          SHA-512:457211A957656B845AE6E5A34E567C7E33DBB67F6AED9A9C15937F3B39922A2A4BDC70378269C1908FC141EB34ADAA70A0B133BA42BF6498F9E41CE372F3F3CA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):299427
                                                                                                                                                                                                                          Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                          MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                          SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                          SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                          SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                                                          Entropy (8bit):4.82516630102953
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:700fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFOCQAASmHcX6g8H4ao:QFCk2z1/t12iwU5usJFqCyVcqgg
                                                                                                                                                                                                                          MD5:F4F7F634791F26FC62973350D5F89D9A
                                                                                                                                                                                                                          SHA1:6BE643BD21C74ED055B5A1B939B1F64B055D4673
                                                                                                                                                                                                                          SHA-256:45A043C4B7C6556F2ACFC827F2FF379365088C3479E8EE80C7F0A2CEB858DCC6
                                                                                                                                                                                                                          SHA-512:4325807865A76427D05039A2922F853287D420BCEBDA81F63A95BF58502E7DA0489060C4B6F6FFD65AA294E1E1C1F64560ADD5F024355922103C88B2CF1FD79B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):122368
                                                                                                                                                                                                                          Entropy (8bit):5.903697891709302
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:5ewkbk74PoxchHGTm/SCtg5MbfFPjPNoSLn2dkp2A/2pQKP:5endPox6HGTOLtg6bfFhDLkkCpQK
                                                                                                                                                                                                                          MD5:47EE4516407B6DE6593A4996C3AE35E0
                                                                                                                                                                                                                          SHA1:293224606B31E45B10FB67E997420844AE3FE904
                                                                                                                                                                                                                          SHA-256:F646C3B72B5E7C085A66B4844B5AD7A9A4511D61B2D74153479B32C7AE0B1A4C
                                                                                                                                                                                                                          SHA-512:EFA245C6DB2AEE2D9DB7F99E33339420E54F371A17AF0CF7694DAF51D45AEBFBAC91FC52DDB7C53E9FC73B43C67D8D0A2CAA15104318E392C8987A0DAD647B81
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):11358
                                                                                                                                                                                                                          Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                                          MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                                          SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                                          SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                                          SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4648
                                                                                                                                                                                                                          Entropy (8bit):5.006900644756252
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                                          MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                                          SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                                          SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                                          SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2518
                                                                                                                                                                                                                          Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                                          MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                                          SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                                          SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                                          SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):91
                                                                                                                                                                                                                          Entropy (8bit):4.687870576189661
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                                          MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                                          SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                                          SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                                          SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):19
                                                                                                                                                                                                                          Entropy (8bit):3.536886723742169
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                                          MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                                          SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                                          SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                                          SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:importlib_metadata.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1335
                                                                                                                                                                                                                          Entropy (8bit):4.226823573023539
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                                          MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                                          SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                                          SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                                          SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):3439512
                                                                                                                                                                                                                          Entropy (8bit):6.096012359425593
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                                                                          MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                                                                          SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                                                                          SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                                                                          SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):32792
                                                                                                                                                                                                                          Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                          MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                          SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                          SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                          SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):698784
                                                                                                                                                                                                                          Entropy (8bit):5.533720236597082
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                                                                          MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                                                                          SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                                                                          SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                                                                          SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):6065952
                                                                                                                                                                                                                          Entropy (8bit):6.6463891622960976
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:Z+Uw5pDgPAnxE5I0UEjmCfK+KvqvH+K26AnLzYJMKDBONlPElQPcukuSwIbFLOAB:wc1AnqGnEuoFLOAkGkzdnEVomFHKnPg
                                                                                                                                                                                                                          MD5:639DB7FE67E2E15D069A62C0EF4A971C
                                                                                                                                                                                                                          SHA1:BDBF2517678F9066C4553E6FDACE0A366929185C
                                                                                                                                                                                                                          SHA-256:760308CF8BEDAEBC4500049622D08DDCACA0024ACBD3B6BDCA1618EC48A91597
                                                                                                                                                                                                                          SHA-512:83CD3E89DDAC3915686BCEEC25654F0A35FE66A1C27D95BCFD3B44BDC01DED0DF9BEB525E0604522F61D58183546AF63FFDD60F90E5BFFD648774169832D2335
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):198568
                                                                                                                                                                                                                          Entropy (8bit):6.360283939217406
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:rkPTemtXBsiLC/QOSL6XZIMuPbBV3Dy9zeL9ef93d1BVdOd8dVyio0OwUpz1RPoi:AKmVG/pxIMuPbBFEFDBwpp2W
                                                                                                                                                                                                                          MD5:6BC89EBC4014A8DB39E468F54AAAFA5E
                                                                                                                                                                                                                          SHA1:68D04E760365F18B20F50A78C60CCFDE52F7FCD8
                                                                                                                                                                                                                          SHA-256:DBE6E7BE3A7418811BD5987B0766D8D660190D867CD42F8ED79E70D868E8AA43
                                                                                                                                                                                                                          SHA-512:B7A6A383EB131DEB83EEE7CC134307F8545FB7D043130777A8A9A37311B64342E5A774898EDD73D80230AB871C4D0AA0B776187FA4EDEC0CCDE5B9486DBAA626
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4493736
                                                                                                                                                                                                                          Entropy (8bit):6.465157771728023
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:5vL1txd/8sCmiAiPw+RxtLzli0Im3wOc+28Ivu31WfbF9PtF+FNDHaSclAaBlh7y:Dw7Ad07RmodacSeSHCMTbSp4PS
                                                                                                                                                                                                                          MD5:C80B5CB43E5FE7948C3562C1FFF1254E
                                                                                                                                                                                                                          SHA1:F73CB1FB9445C96ECD56B984A1822E502E71AB9D
                                                                                                                                                                                                                          SHA-256:058925E4BBFCB460A3C00EC824B8390583BAEF0C780A7C7FF01D43D9EEC45F20
                                                                                                                                                                                                                          SHA-512:FAA97A9D5D2A0BF78123F19F8657C24921B907268938C26F79E1DF6D667F7BEE564259A3A11022E8629996406CDA9FA00434BB2B1DE3E10B9BDDC59708DBAD81
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):556544
                                                                                                                                                                                                                          Entropy (8bit):6.015390811366772
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:ANPciA4K8pFTtd5giF7kvRQi+mpdfxpxlL1:+PbBK8pFTtd5giFmvb
                                                                                                                                                                                                                          MD5:B7ACFAD9F0F36E7CF8BFB0DD58360FFE
                                                                                                                                                                                                                          SHA1:8FA816D403F126F3326CB6C73B83032BB0590107
                                                                                                                                                                                                                          SHA-256:461328C988D4C53F84579FC0880C4A9382E14B0C8B830403100A2FA3DF0FD9A9
                                                                                                                                                                                                                          SHA-512:4FED8A9162A9A2EBC113EA44D461FB498F9F586730218D9C1CDDCD7C8C803CAD6DEA0F563B8D7533321ECB25F6153CA7C5777C314E7CB76D159E39E74C72D1B8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):142336
                                                                                                                                                                                                                          Entropy (8bit):5.9648110046839244
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:iuNj4Vsl6Cj2CYrrC04pFiYDQcaSWvTidrSsu5:iuxqs9j2CYrrC0Ki5caS2TidrSD
                                                                                                                                                                                                                          MD5:F200CA466BF3B8B56A272460E0EE4ABC
                                                                                                                                                                                                                          SHA1:CA18E04F143424B06E0DF8D00D995C2873AA268D
                                                                                                                                                                                                                          SHA-256:A6700CA2BEE84C1A051BA4B22C0CDE5A6A5D3E35D4764656CFDC64639C2F6B77
                                                                                                                                                                                                                          SHA-512:29BF2425B665AF9D2F9FD7795BF2AB012AA96FAED9A1A023C86AFA0D2036CC6014B48116940FAD93B7DE1E8F4F93EB709CC9319439D7609B79FD8B92669B377D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):29096
                                                                                                                                                                                                                          Entropy (8bit):6.4767692602677815
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:rPxHeWt+twhCBsHqF2BMXR6VIS7GuIYiSy1pCQkyw24i/8E9VFL2Ut8JU:ZeS+twhC6HqwmYVIS7GjYiSyv7VeEdH
                                                                                                                                                                                                                          MD5:ADC412384B7E1254D11E62E451DEF8E9
                                                                                                                                                                                                                          SHA1:04E6DFF4A65234406B9BC9D9F2DCFE8E30481829
                                                                                                                                                                                                                          SHA-256:68B80009AB656FFE811D680585FAC3D4F9C1B45F29D48C67EA2B3580EC4D86A1
                                                                                                                                                                                                                          SHA-512:F250F1236882668B2686BD42E1C334C60DA7ABEC3A208EBEBDEE84A74D7C4C6B1BC79EED7241BC7012E4EF70A6651A32AA00E32A83F402475B479633581E0B07
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1445800
                                                                                                                                                                                                                          Entropy (8bit):6.579172773828651
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:tU3g/eNVQHzcayG7b99ZSYR4eXj98nXMuVp+qbLKeq98srCIS:ck3hbEAp8X9Vp+2q2gI
                                                                                                                                                                                                                          MD5:926DC90BD9FAF4EFE1700564AA2A1700
                                                                                                                                                                                                                          SHA1:763E5AF4BE07444395C2AB11550C70EE59284E6D
                                                                                                                                                                                                                          SHA-256:50825EA8B431D86EC228D9FA6B643E2C70044C709F5D9471D779BE63FF18BCD0
                                                                                                                                                                                                                          SHA-512:A8703FF97243AA3BC877F71C0514B47677B48834A0F2FEE54E203C0889A79CE37C648243DBFE2EE9E1573B3CA4D49C334E9BFE62541653125861A5398E2FE556
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1121192
                                                                                                                                                                                                                          Entropy (8bit):5.384501252071814
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:bMYYMmuZ63NoQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uz9O:AYYuXZV0m8wMMREtV6Vo4uYz9O
                                                                                                                                                                                                                          MD5:102BBBB1F33CE7C007AAC08FE0A1A97E
                                                                                                                                                                                                                          SHA1:9A8601BEA3E7D4C2FA6394611611CDA4FC76E219
                                                                                                                                                                                                                          SHA-256:2CF6C5DEA30BB0584991B2065C052C22D258B6E15384447DCEA193FDCAC5F758
                                                                                                                                                                                                                          SHA-512:A07731F314E73F7A9EA73576A89CCB8A0E55E53F9B5B82F53121B97B1814D905B17A2DA9BD2EDA9F9354FC3F15E3DEA7A613D7C9BC98C36BBA653743B24DFC32
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1107
                                                                                                                                                                                                                          Entropy (8bit):5.115074330424529
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                                          MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                                          SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                                          SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                                          SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2153
                                                                                                                                                                                                                          Entropy (8bit):5.088249746074878
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                                          MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                                          SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                                          SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                                          SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4557
                                                                                                                                                                                                                          Entropy (8bit):5.714200636114494
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                                          MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                                          SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                                          SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                                          SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                                          MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                                          SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                                          SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                                          SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):104
                                                                                                                                                                                                                          Entropy (8bit):4.271713330022269
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                                          MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                                          SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                                          SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                                          SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):134656
                                                                                                                                                                                                                          Entropy (8bit):5.84231912519238
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:UTqjiGbjKyRYDoe/hnLbAZ4l39KxN36w/Ii/MVjmzuQrEZ5nOmdZsQ/:DKyRCoe/joxNqw/v/MVjOu7VOI
                                                                                                                                                                                                                          MD5:EC7C48EA92D9FF0C32C6D87EE8358BD0
                                                                                                                                                                                                                          SHA1:A67A417FDB36C84871D0E61BFB1015CB30C9898A
                                                                                                                                                                                                                          SHA-256:A0F3CC0E98BEA5A598E0D4367272E4C65BF446F21932DC2A051546B098D6CE62
                                                                                                                                                                                                                          SHA-512:C06E3C0260B918509947A89518D55F0CB03CB19FC28D9E7ED9E3F837D71DF31154F0093929446A93A7C7DA1293FFD0CC69547E2540F15E3055FE1D12D837F935
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):22528
                                                                                                                                                                                                                          Entropy (8bit):5.158789189249445
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:6urA4fVFfFRGFV8fuL0G0T84Q9NNNIRV0KlnOjUgx908x8J:F7XsF9NNNIR2Eny908x8
                                                                                                                                                                                                                          MD5:E726734D5D2E42CF0861D24BCF741B09
                                                                                                                                                                                                                          SHA1:6AF8A994AD84259F7CF2A8F452B55AE44264BCC6
                                                                                                                                                                                                                          SHA-256:3592ABD55C972C9DFE2BAC104FBE3E1B4D1E392A3D29D7C5DB3745A624FA6FF4
                                                                                                                                                                                                                          SHA-512:2B60EDD06124C8F053D4573328697A9AF4D6EB077DCDBF833BA3E6DB574A7C32ABF1C72530C43CCBDE313A59066393DADAF2AAE8A7CC3FDB156ADD894D898542
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1427456
                                                                                                                                                                                                                          Entropy (8bit):5.324047632064682
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:gAEcgh+WcQNWxzi7HE699jXRZbkGX/VqtpkZAJRb8tUTfU2Bz:DEcvVGWQhHFNWBJ9H
                                                                                                                                                                                                                          MD5:9BF4110256A7B953AFA9D43A3E0944BB
                                                                                                                                                                                                                          SHA1:0D605B4D5FED9F7861C440B62BB02181E39EFA2B
                                                                                                                                                                                                                          SHA-256:484C51248076FB77A6FC5FB512A37BB404025568CDC8702D252DF2191DC720A4
                                                                                                                                                                                                                          SHA-512:07740EB7AE3B6D1091064AA2E550515D9AEC0C021B316E4BB9EFD21984322C7765F84A9110C1FCB59164B529FFB04C2B6D6611AB55C764D5D360B27F094A120C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):176
                                                                                                                                                                                                                          Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                          MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                          SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                          SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                          SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10
                                                                                                                                                                                                                          Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                          MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                          SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                          SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                          SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..K....}..
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                                          Entropy (8bit):2.0
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:qn:qn
                                                                                                                                                                                                                          MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                          SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                          SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                          SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:blat
                                                                                                                                                                                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Entropy (8bit):6.791848855748042
                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                          File name:1A70mZfanW.exe
                                                                                                                                                                                                                          File size:19'483'721 bytes
                                                                                                                                                                                                                          MD5:1cfbf03308f79ad07e0d303a0b3c9b6e
                                                                                                                                                                                                                          SHA1:791064735e251f2bce52991fa56a8b27af31aa82
                                                                                                                                                                                                                          SHA256:0e0a6b32901d6db7eb4873647a67ce0f69446a2efa2e87bd490d7a9c80e4c85c
                                                                                                                                                                                                                          SHA512:ac6063a390a2b13cf3d5d25a89f1fd5e806fcfe39a2663ce91d25964372e1a90e1b3ea6121a4d86c13828c6c4f0aacb4153aee6fc4e234e911be95de3dad2292
                                                                                                                                                                                                                          SSDEEP:393216:bSatY8L2Vmd6melh2pOc/e+7G99YP0BmRFN+MebO:bSai8yVmdKQpOun0ApiO
                                                                                                                                                                                                                          TLSH:7917334052A006C9F3EA483388779527AB75F85A5F9BD78FC75C86200FB31EA5D71BA0
                                                                                                                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                          Entrypoint:0x14000a8c8
                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                          Time Stamp:0x6750E25E [Wed Dec 4 23:14:38 2024 UTC]
                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                          OS Version Minor:2
                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                          File Version Minor:2
                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                          Subsystem Version Minor:2
                                                                                                                                                                                                                          Import Hash:c5640c7a22008f949f9bc94a27623f95
                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          sub esp, 28h
                                                                                                                                                                                                                          call 00007F8740AE846Ch
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          add esp, 28h
                                                                                                                                                                                                                          jmp 00007F8740AE7DEFh
                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                          inc eax
                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          sub esp, 20h
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov ebx, ecx
                                                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                                                          call dword ptr [0001A8D3h]
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov ecx, ebx
                                                                                                                                                                                                                          call dword ptr [0001A8C2h]
                                                                                                                                                                                                                          call dword ptr [0001A83Ch]
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov ecx, eax
                                                                                                                                                                                                                          mov edx, C0000409h
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          add esp, 20h
                                                                                                                                                                                                                          pop ebx
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          jmp dword ptr [0001A8B8h]
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov dword ptr [esp+08h], ecx
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          sub esp, 38h
                                                                                                                                                                                                                          mov ecx, 00000017h
                                                                                                                                                                                                                          call dword ptr [0001A8ACh]
                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                          je 00007F8740AE7F79h
                                                                                                                                                                                                                          mov ecx, 00000002h
                                                                                                                                                                                                                          int 29h
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          lea ecx, dword ptr [0003B6DAh]
                                                                                                                                                                                                                          call 00007F8740AE813Eh
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov eax, dword ptr [esp+38h]
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov dword ptr [0003B7C1h], eax
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          add eax, 08h
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov dword ptr [0003B751h], eax
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov eax, dword ptr [0003B7AAh]
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov dword ptr [0003B61Bh], eax
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov eax, dword ptr [esp+40h]
                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                          mov dword ptr [0003B71Fh], eax
                                                                                                                                                                                                                          mov dword ptr [0003B5F5h], C0000409h
                                                                                                                                                                                                                          mov dword ptr [0003B5EFh], 00000001h
                                                                                                                                                                                                                          mov dword ptr [0003B5F9h], 00000001h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x35b18 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0x5fc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x48000 | 0x1de8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c000 | 0x748 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x33920 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x33940 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x25000 | 0x3e8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x235d0 | 0x23600 | 050ad070d74c0ab2baca6ee9c3b61b5d | False | 0.5690426236749117 | data | 6.471510843579973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x25000 | 0x11898 | 0x11a00 | 41b70ae4502758e24e137cafe311eeb7 | False | 0.4956504875886525 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.711786264889031 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x37000 | 0x10398 | 0xc00 | b88590ca230f956ba7b5bffcbee69475 | False | 0.138671875 | data | 1.8589891596226968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x48000 | 0x1de8 | 0x1e00 | 626ab1518bc3687e03dacd39bbfde649 | False | 0.4921875 | data | 5.392285019157171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x4a000 | 0xf4 | 0x200 | 3fa4bb815d2865eb13ca6b140ccf210f | False | 0.302734375 | data | 1.9616758456060694 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x4b000 | 0x5fc | 0x600 | e9f38e874665b2f0eec96d08193b0b48 | False | 0.4609375 | data | 5.4060894423190256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x4c000 | 0x748 | 0x800 | ab10229e6319ea5b4dde9f2a80ec60f0 | False | 0.55322265625 | data | 5.222259043944798 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x4b058 | 0x5a2 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.45145631067961167
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetEnvironmentStringsW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetCommandLineW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RaiseException, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-20T16:56:40.926042+0100 | 2058114 | ET MALWARE Iris Stealer CnC Domain in DNS Lookup (irisstealer .xyz) | 1 | 192.168.2.8 | 49357 | 1.1.1.1 | 53 | UDP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:56:40.926042080 CET | 49357 | 53 | 192.168.2.8 | 1.1.1.1
Dec 20, 2024 16:56:41.235491037 CET | 53 | 49357 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 16:56:40.926042080 CET | 192.168.2.8 | 1.1.1.1 | 0xaff1 | Standard query (0) | script.irisstealer.xyz | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 16:56:41.235491037 CET | 1.1.1.1 | 192.168.2.8 | 0xaff1 | Name error (3) | script.irisstealer.xyz | none | none | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                          Start time:10:56:33
                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\1A70mZfanW.exe"
                                                                                                                                                                                                                          Imagebase:0x7ff7cfbc0000
                                                                                                                                                                                                                          File size:19'483'721 bytes
                                                                                                                                                                                                                          MD5 hash:1CFBF03308F79AD07E0D303A0B3C9B6E
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                          Start time:10:56:37
                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\1A70mZfanW.exe"
                                                                                                                                                                                                                          Imagebase:0x7ff7cfbc0000
                                                                                                                                                                                                                          File size:19'483'721 bytes
                                                                                                                                                                                                                          MD5 hash:1CFBF03308F79AD07E0D303A0B3C9B6E
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                          Start time:10:56:37
                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                          Imagebase:0x7ff6005e0000
                                                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                          Start time:10:56:37
                                                                                                                                                                                                                          Start date:20/12/2024
                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                          Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true


                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:11.7%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:12.5%
                                                                                                                                                                                                                            Total number of Nodes:1955
                                                                                                                                                                                                                            Total number of Limit Nodes:55
14266->14268 14269 7ff7cfbca620 14268->14269 14270 7ff7cfbc3a4c GetModuleFileNameW 14269->14270 14271 7ff7cfbc3a92 14270->14271 14272 7ff7cfbc3a7b 14270->14272 14793 7ff7cfbc75a0 14271->14793 14273 7ff7cfbc2610 16 API calls 14272->14273 14275 7ff7cfbc3a8e 14273->14275 14277 7ff7cfbca5f0 _handle_error 8 API calls 14275->14277 14279 7ff7cfbc3acf 14277->14279 14278 7ff7cfbc2760 18 API calls 14278->14275 14279->14116 14281 7ff7cfbc64ea 14280->14281 14282 7ff7cfbc7490 16 API calls 14281->14282 14283 7ff7cfbc650c GetEnvironmentVariableW 14282->14283 14284 7ff7cfbc6576 14283->14284 14285 7ff7cfbc6524 ExpandEnvironmentStringsW 14283->14285 14287 7ff7cfbca5f0 _handle_error 8 API calls 14284->14287 14286 7ff7cfbc75a0 18 API calls 14285->14286 14288 7ff7cfbc654c 14286->14288 14289 7ff7cfbc6588 14287->14289 14288->14284 14290 7ff7cfbc6556 14288->14290 14289->14118 14804 7ff7cfbd4ba8 14290->14804 14293 7ff7cfbca5f0 _handle_error 8 API calls 14294 7ff7cfbc656e 14293->14294 14294->14118 14296 7ff7cfbc7490 16 API calls 14295->14296 14297 7ff7cfbc6a97 SetEnvironmentVariableW 14296->14297 14298 7ff7cfbcf95c __vcrt_freefls 14 API calls 14297->14298 14299 7ff7cfbc35ea 14298->14299 14300 7ff7cfbc19c0 14299->14300 14301 7ff7cfbc19f0 14300->14301 14305 7ff7cfbc1a6a 14301->14305 14820 7ff7cfbc17a0 14301->14820 14304 7ff7cfbcc8c4 64 API calls 14304->14305 14305->14127 14305->14128 14307 7ff7cfbc74b1 MultiByteToWideChar 14306->14307 14308 7ff7cfbc7537 MultiByteToWideChar 14306->14308 14309 7ff7cfbc74d7 14307->14309 14310 7ff7cfbc74fc 14307->14310 14311 7ff7cfbc757f 14308->14311 14312 7ff7cfbc755a 14308->14312 14313 7ff7cfbc2610 14 API calls 14309->14313 14310->14308 14317 7ff7cfbc7512 14310->14317 14311->14137 14314 7ff7cfbc2610 14 API calls 14312->14314 14315 7ff7cfbc74ea 14313->14315 14316 7ff7cfbc756d 14314->14316 14315->14137 14316->14137 14318 7ff7cfbc2610 14 API calls 14317->14318 14319 7ff7cfbc7525 14318->14319 14319->14137 14321 7ff7cfbc59e5 14320->14321 14322 7ff7cfbc3752 
14321->14322 14323 7ff7cfbc24c0 40 API calls 14321->14323 14322->14148 14473 7ff7cfbc56b0 14322->14473 14323->14322 14325 7ff7cfbc2f84 14324->14325 14332 7ff7cfbc2f43 14324->14332 14326 7ff7cfbc2fc3 14325->14326 14327 7ff7cfbc1aa0 65 API calls 14325->14327 14328 7ff7cfbca5f0 _handle_error 8 API calls 14326->14328 14327->14325 14329 7ff7cfbc2fd5 14328->14329 14329->14145 14334 7ff7cfbc6a10 14329->14334 14332->14325 14873 7ff7cfbc1440 14332->14873 14907 7ff7cfbc2980 14332->14907 14951 7ff7cfbc1770 14332->14951 14335 7ff7cfbc7490 16 API calls 14334->14335 14336 7ff7cfbc6a2f 14335->14336 14337 7ff7cfbc7490 16 API calls 14336->14337 14338 7ff7cfbc6a3f 14337->14338 14339 7ff7cfbd1d4c 31 API calls 14338->14339 14340 7ff7cfbc6a4d 14339->14340 14341 7ff7cfbcf95c __vcrt_freefls 14 API calls 14340->14341 14342 7ff7cfbc6a57 14341->14342 14343 7ff7cfbcf95c __vcrt_freefls 14 API calls 14342->14343 14344 7ff7cfbc389b 14343->14344 14344->14172 14346 7ff7cfbc6ad0 14345->14346 14347 7ff7cfbc7490 16 API calls 14346->14347 14348 7ff7cfbc6b01 14347->14348 15742 7ff7cfbd29dc 14348->15742 14351 7ff7cfbd29dc 16 API calls 14352 7ff7cfbc6b1a 14351->14352 14353 7ff7cfbd29dc 16 API calls 14352->14353 14354 7ff7cfbc6b24 14353->14354 14355 7ff7cfbd29dc 16 API calls 14354->14355 14356 7ff7cfbc6b2e GetStartupInfoW 14355->14356 14357 7ff7cfbc6b7b 14356->14357 15760 7ff7cfbd4c20 14357->15760 14361 7ff7cfbc6b8a 14362 7ff7cfbd4c20 _fread_nolock 30 API calls 14361->14362 14363 7ff7cfbc6ba1 14362->14363 14364 7ff7cfbd2590 30 API calls 14363->14364 14365 7ff7cfbc6ba8 14364->14365 14366 7ff7cfbd4c20 _fread_nolock 30 API calls 14365->14366 14367 7ff7cfbc6bc0 14366->14367 14368 7ff7cfbd2590 30 API calls 14367->14368 14369 7ff7cfbc6bc7 GetCommandLineW CreateProcessW 14368->14369 14370 7ff7cfbc6c41 14369->14370 14371 7ff7cfbc6c1b WaitForSingleObject GetExitCodeProcess 14369->14371 14373 7ff7cfbc2610 16 API calls 14370->14373 14372 7ff7cfbc6c54 14371->14372 14374 7ff7cfbca5f0 _handle_error 8 API calls 
14372->14374 14373->14372 14375 7ff7cfbc38d0 14374->14375 14376 7ff7cfbc54d0 14375->14376 14377 7ff7cfbc54e2 14376->14377 14381 7ff7cfbc38dc 14376->14381 14378 7ff7cfbc558f 14377->14378 14377->14381 15779 7ff7cfbc6c80 FreeLibrary 14377->15779 14378->14381 15780 7ff7cfbc6c80 FreeLibrary 14378->15780 14382 7ff7cfbc5950 14381->14382 14383 7ff7cfbc59b2 14382->14383 14384 7ff7cfbc5965 14382->14384 14383->14187 14385 7ff7cfbcf95c __vcrt_freefls 14 API calls 14384->14385 14386 7ff7cfbc5976 14384->14386 14385->14386 14387 7ff7cfbc5987 14386->14387 14388 7ff7cfbcf95c __vcrt_freefls 14 API calls 14386->14388 14389 7ff7cfbc5998 14387->14389 14390 7ff7cfbcf95c __vcrt_freefls 14 API calls 14387->14390 14388->14387 14391 7ff7cfbcf95c __vcrt_freefls 14 API calls 14389->14391 14390->14389 14392 7ff7cfbc59a0 14391->14392 14392->14187 14394 7ff7cfbc6790 14393->14394 14395 7ff7cfbc7490 16 API calls 14394->14395 14397 7ff7cfbc67bb 14395->14397 14396 7ff7cfbc69de 15795 7ff7cfbd1d84 RemoveDirectoryW 14396->15795 14397->14396 14397->14397 15781 7ff7cfbc6e20 14397->15781 14401 7ff7cfbca5f0 _handle_error 8 API calls 14402 7ff7cfbc69fb 14401->14402 14402->14188 14403 7ff7cfbc69d6 15799 7ff7cfbd20ac FindClose 14403->15799 14405 7ff7cfbc6e20 37 API calls 14406 7ff7cfbc690e 14405->14406 14406->14403 14406->14405 14408 7ff7cfbc1aa5 14407->14408 14414 7ff7cfbc1ad7 14407->14414 14409 7ff7cfbc1abb 14408->14409 14410 7ff7cfbcf95c __vcrt_freefls 14 API calls 14408->14410 14411 7ff7cfbc1ac8 14409->14411 14412 7ff7cfbcc8c4 64 API calls 14409->14412 14410->14409 14413 7ff7cfbcf95c __vcrt_freefls 14 API calls 14411->14413 14412->14411 14413->14414 14414->14145 14416 7ff7cfbd59cc 14415->14416 14417 7ff7cfbd59d1 RtlFreeHeap 14416->14417 14418 7ff7cfbc35c9 14416->14418 14417->14418 14419 7ff7cfbd59ec 14417->14419 14418->14132 14420 7ff7cfbcfc70 _get_daylight 13 API calls 14419->14420 14420->14418 14422 7ff7cfbc2780 __scrt_get_show_window_mode 14421->14422 14423 7ff7cfbc7490 16 API calls 14422->14423 14424 
7ff7cfbc27fa 14423->14424 14425 7ff7cfbc27ff 14424->14425 14426 7ff7cfbc2839 MessageBoxA 14424->14426 14428 7ff7cfbc7490 16 API calls 14425->14428 14427 7ff7cfbc2853 14426->14427 14429 7ff7cfbca5f0 _handle_error 8 API calls 14427->14429 14430 7ff7cfbc2819 MessageBoxW 14428->14430 14431 7ff7cfbc2863 14429->14431 14430->14427 14431->14145 14433 7ff7cfbca5f9 14432->14433 14434 7ff7cfbc3650 14433->14434 14435 7ff7cfbca910 IsProcessorFeaturePresent 14433->14435 14434->14200 14436 7ff7cfbca928 14435->14436 15807 7ff7cfbcab04 RtlCaptureContext 14436->15807 14442 7ff7cfbc3b5c 14441->14442 14443 7ff7cfbc7490 16 API calls 14442->14443 14444 7ff7cfbc3b87 14443->14444 14445 7ff7cfbc7490 16 API calls 14444->14445 14446 7ff7cfbc3b9a 14445->14446 15812 7ff7cfbd0c88 14446->15812 14449 7ff7cfbca5f0 _handle_error 8 API calls 14450 7ff7cfbc367c 14449->14450 14450->14161 14451 7ff7cfbc6cf0 14450->14451 14456 7ff7cfbc6d14 14451->14456 14452 7ff7cfbcf95c __vcrt_freefls 14 API calls 14453 7ff7cfbc36b2 14452->14453 14453->14127 14453->14155 14454 7ff7cfbccbe0 _fread_nolock 46 API calls 14454->14456 14455 7ff7cfbc6deb 14455->14452 14456->14454 14456->14455 14458 7ff7cfbcc8db 14457->14458 14459 7ff7cfbcc8f9 14457->14459 14460 7ff7cfbcfc70 _get_daylight 13 API calls 14458->14460 14461 7ff7cfbcc8eb 14459->14461 16253 7ff7cfbcfba0 EnterCriticalSection 14459->16253 14463 7ff7cfbcc8e0 14460->14463 14461->14161 14465 7ff7cfbd5964 _invalid_parameter_noinfo 30 API calls 14463->14465 14465->14461 14470 7ff7cfbc3080 14469->14470 14472 7ff7cfbc3057 14469->14472 14470->14130 14471 7ff7cfbc1770 18 API calls 14471->14472 14472->14470 14472->14471 14478 7ff7cfbc56d4 14473->14478 14479 7ff7cfbc5701 14473->14479 14474 7ff7cfbc56fc 16254 7ff7cfbc12b0 14474->16254 14475 7ff7cfbc1770 18 API calls 14475->14478 14477 7ff7cfbc376a 14477->14148 14484 7ff7cfbc5260 14477->14484 14478->14474 14478->14475 14478->14477 14478->14479 14479->14477 14480 7ff7cfbc5837 14479->14480 14482 7ff7cfbc57d7 memcpy_s 14479->14482 
14481 7ff7cfbc2760 18 API calls 14480->14481 14481->14477 14482->14477 14483 7ff7cfbcf95c __vcrt_freefls 14 API calls 14482->14483 14483->14477 14492 7ff7cfbc5273 memcpy_s 14484->14492 14486 7ff7cfbcf95c __vcrt_freefls 14 API calls 14487 7ff7cfbc5473 14486->14487 14488 7ff7cfbca5f0 _handle_error 8 API calls 14487->14488 14490 7ff7cfbc377b 14488->14490 14489 7ff7cfbc54ac 14491 7ff7cfbc2760 18 API calls 14489->14491 14490->14164 14490->14165 14496 7ff7cfbc53b6 14491->14496 14492->14489 14493 7ff7cfbc1440 144 API calls 14492->14493 14494 7ff7cfbc5495 14492->14494 14492->14496 16280 7ff7cfbc1650 14492->16280 14493->14492 14495 7ff7cfbc2760 18 API calls 14494->14495 14495->14496 14496->14486 16285 7ff7cfbc6ca0 14497->16285 14500 7ff7cfbc6ca0 31 API calls 14501 7ff7cfbc5215 14500->14501 14502 7ff7cfbc523a 14501->14502 14503 7ff7cfbc522d GetProcAddress 14501->14503 14504 7ff7cfbc2760 18 API calls 14502->14504 14507 7ff7cfbc5ae9 14503->14507 14508 7ff7cfbc5b0c GetProcAddress 14503->14508 14506 7ff7cfbc5246 14504->14506 14506->14171 14511 7ff7cfbc2610 16 API calls 14507->14511 14508->14507 14509 7ff7cfbc5b31 GetProcAddress 14508->14509 14509->14507 14510 7ff7cfbc5b56 GetProcAddress 14509->14510 14510->14507 14512 7ff7cfbc5b7e GetProcAddress 14510->14512 14513 7ff7cfbc5afc 14511->14513 14512->14507 14514 7ff7cfbc5ba6 GetProcAddress 14512->14514 14513->14171 14514->14507 14515 7ff7cfbc5bce GetProcAddress 14514->14515 14516 7ff7cfbc5bf6 GetProcAddress 14515->14516 14517 7ff7cfbc5bea 14515->14517 14518 7ff7cfbc5c12 14516->14518 14519 7ff7cfbc5c1e GetProcAddress 14516->14519 14517->14516 14518->14519 14520 7ff7cfbc5c46 GetProcAddress 14519->14520 14521 7ff7cfbc5c3a 14519->14521 14522 7ff7cfbc5c62 14520->14522 14523 7ff7cfbc5c6e GetProcAddress 14520->14523 14521->14520 14522->14523 14524 7ff7cfbc5c96 GetProcAddress 14523->14524 14525 7ff7cfbc5c8a 14523->14525 14526 7ff7cfbc5cb2 14524->14526 14527 7ff7cfbc5cbe GetProcAddress 14524->14527 14525->14524 14526->14527 14528 
7ff7cfbc5ce6 GetProcAddress 14527->14528 14529 7ff7cfbc5cda 14527->14529 14530 7ff7cfbc5d02 14528->14530 14531 7ff7cfbc5d0e GetProcAddress 14528->14531 14529->14528 14530->14531 14532 7ff7cfbc5d36 GetProcAddress 14531->14532 14533 7ff7cfbc5d2a 14531->14533 14534 7ff7cfbc5d52 14532->14534 14535 7ff7cfbc5d5e GetProcAddress 14532->14535 14533->14532 14534->14535 14536 7ff7cfbc5d86 GetProcAddress 14535->14536 14537 7ff7cfbc5d7a 14535->14537 14538 7ff7cfbc5da2 14536->14538 14539 7ff7cfbc5dae GetProcAddress 14536->14539 14537->14536 14538->14539 14540 7ff7cfbc5dd6 GetProcAddress 14539->14540 14541 7ff7cfbc5dca 14539->14541 14542 7ff7cfbc5df2 14540->14542 14543 7ff7cfbc5dfe GetProcAddress 14540->14543 14541->14540 14542->14543 14544 7ff7cfbc5e26 GetProcAddress 14543->14544 14545 7ff7cfbc5e1a 14543->14545 14546 7ff7cfbc5e42 14544->14546 14547 7ff7cfbc5e4e GetProcAddress 14544->14547 14545->14544 14546->14547 14548 7ff7cfbc5e76 GetProcAddress 14547->14548 14549 7ff7cfbc5e6a 14547->14549 14550 7ff7cfbc5e92 14548->14550 14551 7ff7cfbc5e9e GetProcAddress 14548->14551 14549->14548 14550->14551 14552 7ff7cfbc5ec6 GetProcAddress 14551->14552 14553 7ff7cfbc5eba 14551->14553 14554 7ff7cfbc5ee2 14552->14554 14555 7ff7cfbc5eee GetProcAddress 14552->14555 14553->14552 14554->14555 14556 7ff7cfbc5f16 GetProcAddress 14555->14556 14557 7ff7cfbc5f0a 14555->14557 14558 7ff7cfbc5f32 14556->14558 14559 7ff7cfbc5f3e GetProcAddress 14556->14559 14557->14556 14558->14559 14560 7ff7cfbc5f66 GetProcAddress 14559->14560 14561 7ff7cfbc5f5a 14559->14561 14562 7ff7cfbc5f82 14560->14562 14563 7ff7cfbc5f8e GetProcAddress 14560->14563 14561->14560 14562->14563 14564 7ff7cfbc5faa 14563->14564 14564->14171 14566 7ff7cfbc587d 14565->14566 14567 7ff7cfbc2760 18 API calls 14566->14567 14570 7ff7cfbc379c 14566->14570 14568 7ff7cfbc58c9 14567->14568 14569 7ff7cfbc54d0 FreeLibrary 14568->14569 14569->14570 14570->14153 16290 7ff7cfbc4770 14571->16290 14574 7ff7cfbc2ebd 14574->14176 14576 7ff7cfbc2e94 
14576->14574 16338 7ff7cfbc4540 14576->16338 14578 7ff7cfbc2ea0 14578->14574 16349 7ff7cfbc4670 14578->16349 14580 7ff7cfbc2eac 14580->14574 14581 7ff7cfbc30e0 14580->14581 14582 7ff7cfbc30f5 14580->14582 14583 7ff7cfbc2760 18 API calls 14581->14583 14585 7ff7cfbc310e 14582->14585 14595 7ff7cfbc3123 14582->14595 14584 7ff7cfbc30ec 14583->14584 14587 7ff7cfbca5f0 _handle_error 8 API calls 14584->14587 14586 7ff7cfbc2760 18 API calls 14585->14586 14586->14584 14588 7ff7cfbc3244 14587->14588 14588->14176 14589 7ff7cfbc1770 18 API calls 14589->14595 14590 7ff7cfbc12b0 105 API calls 14590->14595 14591 7ff7cfbc34ad 14592 7ff7cfbc2760 18 API calls 14591->14592 14592->14584 14593 7ff7cfbc348d 14594 7ff7cfbc2760 18 API calls 14593->14594 14594->14584 14595->14584 14595->14589 14595->14590 14595->14591 14595->14593 14596 7ff7cfbcf95c __vcrt_freefls 14 API calls 14595->14596 14597 7ff7cfbc3250 14595->14597 14596->14595 14598 7ff7cfbc32ac 14597->14598 14599 7ff7cfbd4ba8 30 API calls 14597->14599 14600 7ff7cfbc16d0 18 API calls 14598->14600 14599->14598 14601 7ff7cfbc32c7 14600->14601 14602 7ff7cfbc32cc 14601->14602 14609 7ff7cfbc32e0 14601->14609 14603 7ff7cfbd4ba8 30 API calls 14602->14603 14611 7ff7cfbc32d8 14603->14611 14606 7ff7cfbcf95c __vcrt_freefls 14 API calls 14607 7ff7cfbc346b 14606->14607 14608 7ff7cfbcf95c __vcrt_freefls 14 API calls 14607->14608 14608->14584 14610 7ff7cfbd4ba8 30 API calls 14609->14610 14609->14611 14610->14611 16354 7ff7cfbc23a0 14611->16354 14627 7ff7cfbca620 14612->14627 14614 7ff7cfbc262c GetLastError 14615 7ff7cfbc2659 14614->14615 14629 7ff7cfbc6fa0 14615->14629 14617 7ff7cfbc2690 __scrt_get_show_window_mode 14618 7ff7cfbc7490 13 API calls 14617->14618 14619 7ff7cfbc26e5 14618->14619 14620 7ff7cfbc2724 MessageBoxA 14619->14620 14621 7ff7cfbc26ea 14619->14621 14623 7ff7cfbc273e 14620->14623 14622 7ff7cfbc7490 13 API calls 14621->14622 14624 7ff7cfbc2704 MessageBoxW 14622->14624 14625 7ff7cfbca5f0 _handle_error 8 API calls 14623->14625 
14624->14623 14626 7ff7cfbc274e 14625->14626 14626->14254 14628 7ff7cfbca64a 14627->14628 14628->14614 14628->14628 14630 7ff7cfbc6fac 14629->14630 14631 7ff7cfbc6fc7 GetLastError 14630->14631 14632 7ff7cfbc6fcd FormatMessageW 14630->14632 14631->14632 14633 7ff7cfbc7000 14632->14633 14634 7ff7cfbc701c WideCharToMultiByte 14632->14634 14635 7ff7cfbc2610 13 API calls 14633->14635 14636 7ff7cfbc7013 14634->14636 14637 7ff7cfbc7056 14634->14637 14635->14636 14639 7ff7cfbca5f0 _handle_error 8 API calls 14636->14639 14638 7ff7cfbc2610 13 API calls 14637->14638 14638->14636 14640 7ff7cfbc7085 14639->14640 14640->14617 14654 7ff7cfbcfba0 EnterCriticalSection 14641->14654 14655 7ff7cfbd8660 GetLastError 14648->14655 14650 7ff7cfbcfc79 14651 7ff7cfbd5964 14650->14651 14737 7ff7cfbd58b4 14651->14737 14656 7ff7cfbd8682 14655->14656 14659 7ff7cfbd8687 14655->14659 14678 7ff7cfbd9998 14656->14678 14661 7ff7cfbd868f SetLastError 14659->14661 14682 7ff7cfbd99e0 14659->14682 14661->14650 14665 7ff7cfbd86db 14668 7ff7cfbd99e0 _invalid_parameter_noinfo 6 API calls 14665->14668 14666 7ff7cfbd86cb 14667 7ff7cfbd99e0 _invalid_parameter_noinfo 6 API calls 14666->14667 14669 7ff7cfbd86d2 14667->14669 14670 7ff7cfbd86e3 14668->14670 14694 7ff7cfbd59cc 14669->14694 14671 7ff7cfbd86e7 14670->14671 14672 7ff7cfbd86f9 14670->14672 14674 7ff7cfbd99e0 _invalid_parameter_noinfo 6 API calls 14671->14674 14699 7ff7cfbd8294 14672->14699 14674->14669 14704 7ff7cfbd95c8 14678->14704 14683 7ff7cfbd95c8 try_get_function 5 API calls 14682->14683 14684 7ff7cfbd9a0e 14683->14684 14685 7ff7cfbd9a20 TlsSetValue 14684->14685 14686 7ff7cfbd86aa 14684->14686 14685->14686 14686->14661 14687 7ff7cfbd9550 14686->14687 14688 7ff7cfbd9561 _invalid_parameter_noinfo 14687->14688 14689 7ff7cfbd95b2 14688->14689 14690 7ff7cfbd9596 HeapAlloc 14688->14690 14714 7ff7cfbddc34 14688->14714 14691 7ff7cfbcfc70 _get_daylight 12 API calls 14689->14691 14690->14688 14692 7ff7cfbd86bd 14690->14692 14691->14692 14692->14665 
14692->14666 14695 7ff7cfbd59d1 RtlFreeHeap 14694->14695 14696 7ff7cfbd5a03 14694->14696 14695->14696 14697 7ff7cfbd59ec 14695->14697 14696->14661 14698 7ff7cfbcfc70 _get_daylight 12 API calls 14697->14698 14698->14696 14723 7ff7cfbd816c 14699->14723 14705 7ff7cfbd9629 TlsGetValue 14704->14705 14712 7ff7cfbd9624 try_get_function 14704->14712 14706 7ff7cfbd970c 14706->14705 14709 7ff7cfbd971a GetProcAddress 14706->14709 14707 7ff7cfbd9658 LoadLibraryExW 14708 7ff7cfbd9679 GetLastError 14707->14708 14707->14712 14708->14712 14710 7ff7cfbd972b 14709->14710 14710->14705 14711 7ff7cfbd96f1 FreeLibrary 14711->14712 14712->14705 14712->14706 14712->14707 14712->14711 14713 7ff7cfbd96b3 LoadLibraryExW 14712->14713 14713->14712 14717 7ff7cfbddc64 14714->14717 14722 7ff7cfbdaf44 EnterCriticalSection 14717->14722 14735 7ff7cfbdaf44 EnterCriticalSection 14723->14735 14738 7ff7cfbd8660 _invalid_parameter_noinfo 13 API calls 14737->14738 14739 7ff7cfbd58d9 14738->14739 14740 7ff7cfbc351b 14739->14740 14745 7ff7cfbd5984 IsProcessorFeaturePresent 14739->14745 14740->14264 14746 7ff7cfbd5997 14745->14746 14749 7ff7cfbd5750 14746->14749 14750 7ff7cfbd578a _wfindfirst32i64 __scrt_get_show_window_mode 14749->14750 14751 7ff7cfbd57b2 RtlCaptureContext RtlLookupFunctionEntry 14750->14751 14752 7ff7cfbd5822 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14751->14752 14753 7ff7cfbd57ec RtlVirtualUnwind 14751->14753 14755 7ff7cfbd5874 _wfindfirst32i64 14752->14755 14753->14752 14754 7ff7cfbca5f0 _handle_error 8 API calls 14756 7ff7cfbd5893 GetCurrentProcess TerminateProcess 14754->14756 14755->14754 14758 7ff7cfbc24dc 14757->14758 14759 7ff7cfbcfc70 _get_daylight 13 API calls 14758->14759 14760 7ff7cfbc2534 14759->14760 14772 7ff7cfbcfc90 14760->14772 14762 7ff7cfbc253b __scrt_get_show_window_mode 14763 7ff7cfbc7490 16 API calls 14762->14763 14764 7ff7cfbc2590 14763->14764 14765 7ff7cfbc25cf MessageBoxA 14764->14765 14766 7ff7cfbc2595 14764->14766 14768 7ff7cfbc25e9 
14765->14768 14767 7ff7cfbc7490 16 API calls 14766->14767 14769 7ff7cfbc25af MessageBoxW 14767->14769 14770 7ff7cfbca5f0 _handle_error 8 API calls 14768->14770 14769->14768 14771 7ff7cfbc25f9 14770->14771 14771->14266 14773 7ff7cfbd8660 _invalid_parameter_noinfo 13 API calls 14772->14773 14774 7ff7cfbcfca2 14773->14774 14775 7ff7cfbcfcaa 14774->14775 14776 7ff7cfbd9550 _invalid_parameter_noinfo 13 API calls 14774->14776 14779 7ff7cfbcfcdd 14774->14779 14775->14762 14777 7ff7cfbcfcd2 14776->14777 14778 7ff7cfbd59cc Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 14777->14778 14778->14779 14779->14775 14784 7ff7cfbd9d00 14779->14784 14782 7ff7cfbd5984 _wfindfirst32i64 17 API calls 14783 7ff7cfbcfd6b 14782->14783 14788 7ff7cfbd9d18 14784->14788 14785 7ff7cfbd9d1d 14786 7ff7cfbcfd49 14785->14786 14787 7ff7cfbcfc70 _get_daylight 13 API calls 14785->14787 14786->14775 14786->14782 14789 7ff7cfbd9d27 14787->14789 14788->14785 14788->14786 14791 7ff7cfbd9d62 14788->14791 14790 7ff7cfbd5964 _invalid_parameter_noinfo 30 API calls 14789->14790 14790->14786 14791->14786 14792 7ff7cfbcfc70 _get_daylight 13 API calls 14791->14792 14792->14789 14794 7ff7cfbc7632 WideCharToMultiByte 14793->14794 14795 7ff7cfbc75c4 WideCharToMultiByte 14793->14795 14796 7ff7cfbc765f 14794->14796 14800 7ff7cfbc3aa5 14794->14800 14797 7ff7cfbc7605 14795->14797 14798 7ff7cfbc75ee 14795->14798 14799 7ff7cfbc2610 16 API calls 14796->14799 14797->14794 14802 7ff7cfbc761b 14797->14802 14801 7ff7cfbc2610 16 API calls 14798->14801 14799->14800 14800->14275 14800->14278 14801->14800 14803 7ff7cfbc2610 16 API calls 14802->14803 14803->14800 14805 7ff7cfbc655e 14804->14805 14806 7ff7cfbd4bbf 14804->14806 14805->14293 14806->14805 14811 7ff7cfbd4c48 14806->14811 14809 7ff7cfbd5984 _wfindfirst32i64 17 API calls 14810 7ff7cfbd4c1c 14809->14810 14812 7ff7cfbd4c55 14811->14812 14813 7ff7cfbd4c5f 14811->14813 14812->14813 14818 7ff7cfbd4c7a 14812->14818 14814 7ff7cfbcfc70 _get_daylight 13 API calls 
14813->14814 14815 7ff7cfbd4c66 14814->14815 14816 7ff7cfbd5964 _invalid_parameter_noinfo 30 API calls 14815->14816 14817 7ff7cfbd4bec 14816->14817 14817->14805 14817->14809 14818->14817 14819 7ff7cfbcfc70 _get_daylight 13 API calls 14818->14819 14819->14815 14821 7ff7cfbc17c4 14820->14821 14824 7ff7cfbc17d4 14820->14824 14822 7ff7cfbc3b50 98 API calls 14821->14822 14822->14824 14823 7ff7cfbc6cf0 47 API calls 14825 7ff7cfbc1805 14823->14825 14824->14823 14849 7ff7cfbc1832 14824->14849 14827 7ff7cfbc181f 14825->14827 14828 7ff7cfbc183c 14825->14828 14825->14849 14826 7ff7cfbca5f0 _handle_error 8 API calls 14829 7ff7cfbc19b0 14826->14829 14830 7ff7cfbc24c0 40 API calls 14827->14830 14850 7ff7cfbccbe0 14828->14850 14829->14304 14829->14305 14830->14849 14832 7ff7cfbc1857 14833 7ff7cfbc24c0 40 API calls 14832->14833 14833->14849 14834 7ff7cfbc1851 14834->14832 14835 7ff7cfbc18d3 14834->14835 14836 7ff7cfbc18ee 14834->14836 14837 7ff7cfbc24c0 40 API calls 14835->14837 14838 7ff7cfbccbe0 _fread_nolock 46 API calls 14836->14838 14837->14849 14839 7ff7cfbc1903 14838->14839 14839->14832 14840 7ff7cfbc1915 14839->14840 14853 7ff7cfbcc954 14840->14853 14843 7ff7cfbc192d 14844 7ff7cfbc2760 18 API calls 14843->14844 14844->14849 14845 7ff7cfbc1983 14847 7ff7cfbcc8c4 64 API calls 14845->14847 14845->14849 14846 7ff7cfbc1940 14846->14845 14848 7ff7cfbc2760 18 API calls 14846->14848 14847->14849 14848->14845 14849->14826 14859 7ff7cfbccc00 14850->14859 14854 7ff7cfbcc95d 14853->14854 14858 7ff7cfbc1929 14853->14858 14855 7ff7cfbcfc70 _get_daylight 13 API calls 14854->14855 14856 7ff7cfbcc962 14855->14856 14857 7ff7cfbd5964 _invalid_parameter_noinfo 30 API calls 14856->14857 14857->14858 14858->14843 14858->14846 14860 7ff7cfbccc2a 14859->14860 14871 7ff7cfbccbf8 14859->14871 14861 7ff7cfbccc76 14860->14861 14862 7ff7cfbccc39 __scrt_get_show_window_mode 14860->14862 14860->14871 14872 7ff7cfbcfba0 EnterCriticalSection 14861->14872 14865 7ff7cfbcfc70 _get_daylight 13 API calls 
14862->14865 14867 7ff7cfbccc4e 14865->14867 14869 7ff7cfbd5964 _invalid_parameter_noinfo 30 API calls 14867->14869 14869->14871 14871->14834 14955 7ff7cfbc6270 14873->14955 14875 7ff7cfbc1454 14876 7ff7cfbc1459 14875->14876 14964 7ff7cfbc6590 14875->14964 14876->14332 14879 7ff7cfbc14a7 14882 7ff7cfbc14e0 14879->14882 14884 7ff7cfbc3b50 98 API calls 14879->14884 14880 7ff7cfbc1487 14881 7ff7cfbc24c0 40 API calls 14880->14881 14883 7ff7cfbc149d 14881->14883 14886 7ff7cfbc1516 14882->14886 14887 7ff7cfbc14f6 14882->14887 14883->14332 14885 7ff7cfbc14bf 14884->14885 14885->14882 14888 7ff7cfbc14c7 14885->14888 14890 7ff7cfbc1534 14886->14890 14891 7ff7cfbc151c 14886->14891 14889 7ff7cfbc24c0 40 API calls 14887->14889 14892 7ff7cfbc2760 18 API calls 14888->14892 14901 7ff7cfbc14d6 14889->14901 14895 7ff7cfbc1556 14890->14895 14905 7ff7cfbc1575 14890->14905 14980 7ff7cfbc1050 14891->14980 14892->14901 14894 7ff7cfbc1624 14898 7ff7cfbcc8c4 64 API calls 14894->14898 14899 7ff7cfbc24c0 40 API calls 14895->14899 14896 7ff7cfbc15d3 14900 7ff7cfbcf95c __vcrt_freefls 14 API calls 14896->14900 14897 7ff7cfbcc8c4 64 API calls 14897->14894 14898->14883 14899->14901 14900->14901 14901->14894 14901->14897 14902 7ff7cfbccbe0 _fread_nolock 46 API calls 14902->14905 14903 7ff7cfbc15d5 14906 7ff7cfbc24c0 40 API calls 14903->14906 14905->14896 14905->14902 14905->14903 15002 7ff7cfbcd108 14905->15002 14906->14896 14909 7ff7cfbc2996 14907->14909 14908 7ff7cfbc2db9 14909->14908 15488 7ff7cfbc2dd0 14909->15488 14912 7ff7cfbc2ad7 14914 7ff7cfbc6270 80 API calls 14912->14914 14913 7ff7cfbc2dd0 55 API calls 14915 7ff7cfbc2ad3 14913->14915 14916 7ff7cfbc2adf 14914->14916 14915->14912 14917 7ff7cfbc2b45 14915->14917 14918 7ff7cfbc2afc 14916->14918 15494 7ff7cfbc6150 14916->15494 14919 7ff7cfbc2dd0 55 API calls 14917->14919 14922 7ff7cfbc2760 18 API calls 14918->14922 14924 7ff7cfbc2b16 14918->14924 14921 7ff7cfbc2b6e 14919->14921 14923 7ff7cfbc2bc8 14921->14923 14925 7ff7cfbc2dd0 55 API calls 
14921->14925 14922->14924 14923->14918 14926 7ff7cfbc6270 80 API calls 14923->14926 14928 7ff7cfbca5f0 _handle_error 8 API calls 14924->14928 14927 7ff7cfbc2b9b 14925->14927 14932 7ff7cfbc2bd8 14926->14932 14927->14923 14930 7ff7cfbc2dd0 55 API calls 14927->14930 14929 7ff7cfbc2b3a 14928->14929 14929->14332 14930->14923 14931 7ff7cfbc1ae0 40 API calls 14937 7ff7cfbc2c2f 14931->14937 14932->14918 14932->14931 14933 7ff7cfbc2cf6 14932->14933 14933->14918 14935 7ff7cfbc2d0e 14933->14935 14934 7ff7cfbc2d92 14936 7ff7cfbc2760 18 API calls 14934->14936 14935->14924 14939 7ff7cfbc1770 18 API calls 14935->14939 14940 7ff7cfbc1440 144 API calls 14935->14940 14942 7ff7cfbc2d74 14935->14942 14950 7ff7cfbc2cf1 14936->14950 14937->14918 14937->14934 14941 7ff7cfbc2cbc 14937->14941 14938 7ff7cfbc1aa0 65 API calls 14938->14918 14939->14935 14940->14935 14943 7ff7cfbc17a0 103 API calls 14941->14943 14945 7ff7cfbc2760 18 API calls 14942->14945 14944 7ff7cfbc2cd3 14943->14944 14944->14935 14946 7ff7cfbc2cd7 14944->14946 14947 7ff7cfbc2d85 14945->14947 14948 7ff7cfbc24c0 40 API calls 14946->14948 14949 7ff7cfbc1aa0 65 API calls 14947->14949 14948->14950 14949->14924 14950->14938 14952 7ff7cfbc1791 14951->14952 14953 7ff7cfbc1785 14951->14953 14952->14332 14954 7ff7cfbc2760 18 API calls 14953->14954 14954->14952 14956 7ff7cfbc6282 14955->14956 14961 7ff7cfbc62b8 14955->14961 15011 7ff7cfbc16d0 14956->15011 14961->14875 14962 7ff7cfbc2760 18 API calls 14963 7ff7cfbc62ad 14962->14963 14963->14875 14966 7ff7cfbc65a0 14964->14966 14965 7ff7cfbca5f0 _handle_error 8 API calls 14967 7ff7cfbc147f 14965->14967 14975 7ff7cfbc6759 14966->14975 15376 7ff7cfbd0898 14966->15376 14967->14879 14967->14880 14969 7ff7cfbc6709 14970 7ff7cfbc7490 16 API calls 14969->14970 14972 7ff7cfbc6721 14970->14972 14971 7ff7cfbc6748 14974 7ff7cfbc3b50 98 API calls 14971->14974 14972->14971 15385 7ff7cfbc2870 14972->15385 14974->14975 14975->14965 14976 7ff7cfbd0898 37 API calls 14978 7ff7cfbc662d 14976->14978 14977 
calls 16816->16818 16827 7ff7cfbcfba0 EnterCriticalSection 16817->16827 16820 7ff7cfbd3064 16818->16820 16822 7ff7cfbd5964 _invalid_parameter_noinfo 30 API calls 16820->16822 16825 7ff7cfbd306f 16822->16825

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 435049134-239921721
• Opcode ID: 9bec62602e1f5f11d5518c5534769fbe8fcb7518b4c397ffd2447f27228b241d
• Instruction ID: 64556f7b9265993629f894aab7b3c0bd33b3571db0ff3e60487398c19147f943
• Opcode Fuzzy Hash: 9bec62602e1f5f11d5518c5534769fbe8fcb7518b4c397ffd2447f27228b241d
• Instruction Fuzzy Hash: 21B1A326B0828286E724FF32D5416FAE761AF847E4F849136EE4D4769ADF3CE4418770

Control-flow Graph

APIs
• GetTempPathW.KERNEL32(?,00000000,?,00007FF7CFBC629D), ref: 00007FF7CFBC636A
  • Part of subcall function 00007FF7CFBC64E0: GetEnvironmentVariableW.KERNEL32(00007FF7CFBC3589), ref: 00007FF7CFBC651A
  • Part of subcall function 00007FF7CFBC64E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7CFBC6537
  • Part of subcall function 00007FF7CFBD1D4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD1D65
• SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7CFBC6421
  • Part of subcall function 00007FF7CFBC2760: MessageBoxW.USER32 ref: 00007FF7CFBC2831
Strings
Memory Dump Source
• Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
Similarity
• API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
• String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
• API String ID: 3752271684-1116378104
• Opcode ID: e0fc5fc0a9505505eec6e94ebc594a3a46de498213da3a74cba9ac0366032f39
• Instruction ID: e1f6a983b0caa72cbd7212302db8e7ff7ad608e3290bdab3451c005e27422a8f
• Opcode Fuzzy Hash: e0fc5fc0a9505505eec6e94ebc594a3a46de498213da3a74cba9ac0366032f39
• Instruction Fuzzy Hash: 39515C11B0968341FA54BF32A9656FBE2525F89BE0FD45036ED0E87B9AEF2CE5014330

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
Similarity
• API ID: _get_daylight_invalid_parameter_noinfo$FreeHeapInformationTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 428190724-239921721
• Opcode ID: 991ec177f6e1268ff1c6fdd0bda18aa564af9589b657b41e8cd1882536a8d1ec
• Instruction ID: 415dddcc7ce1a2d62f63037a26d0fcbc73a13e7b5df11f150d8320547f606000
• Opcode Fuzzy Hash: 991ec177f6e1268ff1c6fdd0bda18aa564af9589b657b41e8cd1882536a8d1ec
• Instruction Fuzzy Hash: 46615E36A1868286E724FF31E9815E9E760FF487A4FC45136EA4D4369ADF3CE4018770

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
Similarity
• API ID: _fread_nolock$Message_invalid_parameter_noinfo
• String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
• API String ID: 2153230061-4158440160
• Opcode ID: 3c9af0613730622aed22e24cc833a72abfeef31f4099e47fb59f7612c029cf9e
• Instruction ID: 78926712217d61be2f45686990755ef5efb91d291e6c3d95c6932434e301b493
• Opcode Fuzzy Hash: 3c9af0613730622aed22e24cc833a72abfeef31f4099e47fb59f7612c029cf9e
• Instruction Fuzzy Hash: 7C518571A09A8286EB54EF38D4502B9B3A0FF48B68BD18136DA0D87399DF7CE445C770

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                            • API String ID: 0-666925554
                                                                                                                                                                                                                            • Opcode ID: 8bbdcbb88e8208548ed08c3b3cf3e711a9d448367c1928fadb7dcc785e8f39a8
                                                                                                                                                                                                                            • Instruction ID: 64551da57b9686d35efdaf3f18b52b072bb02f7e4aa70ddbf47c3671a66ec4f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bbdcbb88e8208548ed08c3b3cf3e711a9d448367c1928fadb7dcc785e8f39a8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0517761A08AC286EA10FF31A9106FAE360AF45BB4FC54531DE5D476A6EF3CE5458330

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                            • API String ID: 4998090-2855260032
                                                                                                                                                                                                                            • Opcode ID: f515d8a4910595a1e5bf26f4997a76020f6f15d78e07488f804649bbdff88515
                                                                                                                                                                                                                            • Instruction ID: 22b860299151b9d5b7709c5e05330158a448e5c8fa9ce6a41bbac2c924c5ea6c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f515d8a4910595a1e5bf26f4997a76020f6f15d78e07488f804649bbdff88515
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46415E316186C282EB50AF71E8547EAA361FF847B4F940231EA5E86699DF7CE448C770

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1330151763-0
                                                                                                                                                                                                                            • Opcode ID: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                            • Instruction ID: a0bb24525948da5863d04ed0cce3c25b3a0a345fadf0046cac91ad5724bb62da
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07C1A036B24A8286EB10EF78D4902ED7761FB49BA8B914225DE1E977D5CF38D452C320

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC3A40: GetModuleFileNameW.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC3A71
                                                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32 ref: 00007FF7CFBC3747
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC64E0: GetEnvironmentVariableW.KERNEL32(00007FF7CFBC3589), ref: 00007FF7CFBC651A
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC64E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7CFBC6537
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                            • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                            • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                            • Opcode ID: f25f87442ec136b07288c3a6566fba1a8a5ac4eb32a7e04cc1fe4a3767523588
                                                                                                                                                                                                                            • Instruction ID: 2a9340544104033e2b49523910e4892754bd74efe05d542e801ed3afedbb5a7a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f25f87442ec136b07288c3a6566fba1a8a5ac4eb32a7e04cc1fe4a3767523588
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EB15061A1C6C351FA64BF3199512FFA690BF447A4FD84032EA8D47796EF2CE5058730

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-1060636955
                                                                                                                                                                                                                            • Opcode ID: df73e98a5bdc617f61576f0593338818460192c68bc1ba0cb96a1d734edc4461
                                                                                                                                                                                                                            • Instruction ID: 5e1f8521cb3038377f00478d30317da4f561f290ba06b46f781cea35f9d0b40d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df73e98a5bdc617f61576f0593338818460192c68bc1ba0cb96a1d734edc4461
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7351AD76A086C285EA60BF21E4403FBA291BB847A4FC54136DA4D9B795EF3CE905C730

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD29DC: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7CFBD4CC0), ref: 00007FF7CFBD2A49
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD29DC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7CFBD4CC0), ref: 00007FF7CFBD2A64
                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32 ref: 00007FF7CFBC6B47
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD4C20: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD4C34
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD2590: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD25F7
                                                                                                                                                                                                                            • GetCommandLineW.KERNEL32 ref: 00007FF7CFBC6BCF
                                                                                                                                                                                                                            • CreateProcessW.KERNELBASE ref: 00007FF7CFBC6C11
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7CFBC6C25
                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 00007FF7CFBC6C35
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                            • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                            • API String ID: 1742298069-3524285272
                                                                                                                                                                                                                            • Opcode ID: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
                                                                                                                                                                                                                            • Instruction ID: 7ea08a7a2c41f1871d6a36f448b86bc248dbadd40c1f5eb15fb3fb2ccd4d2986
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78412D32A08AC286D614EF74E4553EAF3A0FF94364F90453AE68D47A9ADF7CD0558B20

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: c90ad42d249651f758b2c199a5040bf2200c1a544a2eafbcd5a7c755b9f33bb2
                                                                                                                                                                                                                            • Instruction ID: 7a65251f18eb8b239324e149ee24de1f14b84793219963a42dd2d8fca65ef1c2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c90ad42d249651f758b2c199a5040bf2200c1a544a2eafbcd5a7c755b9f33bb2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92C1A122A0C7C741E761AF3594402FAAB62EB80BA4F850132DA4E47799DF7CE8558772

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD778A
                                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707,?,?,?,00007FF7CFBD136B), ref: 00007FF7CFBD7848
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707,?,?,?,00007FF7CFBD136B), ref: 00007FF7CFBD78D2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2210144848-0
                                                                                                                                                                                                                            • Opcode ID: abf261f407780d73d122f22d6a8d00088c8cb71f7aeeba393a2ce32a2c31ccc9
                                                                                                                                                                                                                            • Instruction ID: a8d54a1098333b2ecb8fe3856bb7f5fac932291e065221c85fdf17395fd9eb6c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abf261f407780d73d122f22d6a8d00088c8cb71f7aeeba393a2ce32a2c31ccc9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A817D22A1869295FB10BF75D8402F9A6A0AB44BA8FE44136DE0E53699DF3CA445C332

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4144305933-0
                                                                                                                                                                                                                            • Opcode ID: 905a242882acf3dcbb492acab9fca3e2a56a9f2e6c63301775e57231c58ea269
                                                                                                                                                                                                                            • Instruction ID: 5f86e8069079fee7fe6057beb3c3adf3b2c6af0962a8014d31e4aef39e8f24fd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 905a242882acf3dcbb492acab9fca3e2a56a9f2e6c63301775e57231c58ea269
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85314D21E0C1C386FA28BF75A5613FAE295AF417E4FC44035D64D4B6DBDF6CA8498231

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4170891091-0
                                                                                                                                                                                                                            • Opcode ID: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                                                            • Instruction ID: 756e8bd54f51db653408a0651147aba616236a4210acc2161749e501339130f3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2510B72F041928AFB1CEF7899415FCB76AAB007B8F940136DE1D56ADADB3CA4058721

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2780335769-0
                                                                                                                                                                                                                            • Opcode ID: 6dc1fe3e67db78ba05ff380342028693a4fa93987a2dd2de1e1e4c9ede446661
                                                                                                                                                                                                                            • Instruction ID: a71c04a336d5563e30ff2d36b9b764314baf0c8535dca42b4ba960bca2a85966
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dc1fe3e67db78ba05ff380342028693a4fa93987a2dd2de1e1e4c9ede446661
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85517E22A046818AFB14EF70D8403FDA7B5AB48BA8F944136EE0D5B68DDF38D4858771
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2907017715-0
                                                                                                                                                                                                                            • Opcode ID: 2e9f51862bea0f784220eb21cb60309d8ddf4c05621d68dd0f99bab33618c716
                                                                                                                                                                                                                            • Instruction ID: 872c33ebb38d1f922373249c18285820d899062abe51db9e4b277c96a98d3185
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e9f51862bea0f784220eb21cb60309d8ddf4c05621d68dd0f99bab33618c716
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC31C432E187C186E650AF31A5002EAB650FB857B4F544335EABC43AD6DF3CE5A18770
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                            • Opcode ID: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                            • Instruction ID: 5dd77de5a0b01910c64abecbfbbe8d0156045000f6af7beb58f7299e8aa29cb8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18E04F24B0578282EB147F35AD953FEA2629F88771F405539D80E8239ACF3DE4888332
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: try_get_function
                                                                                                                                                                                                                            • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                                                                            • API String ID: 2742660187-2031265017
                                                                                                                                                                                                                            • Opcode ID: 7c477a6e0260293fc4875704b17d5099e40d7a8fa35e17519be663d6003857eb
                                                                                                                                                                                                                            • Instruction ID: 0d17b0c2929addf57beed3ecdae7d63ddbcdaba6aba7948babc7176ef6f03e98
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c477a6e0260293fc4875704b17d5099e40d7a8fa35e17519be663d6003857eb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90E04F92E0868691FA146FB1A8002F0A2109F18770ECC0332DD3C063D09F6CF9D6C3B4
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                                                            • Instruction ID: 8df74176832c4cee26854a1e2186feb4d3d36145464fc8e54286dca5aff3b82a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF51E561B086D546F628AE79A4006FBE691BF50BB4F844231ED6D577C9CF3CF4018630
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD00ED), ref: 00007FF7CFBD020C
                                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD00ED), ref: 00007FF7CFBD0220
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                                                            • Opcode ID: 0eaf3b3217e949b2d1843143c589130ed5bb45f9e3ac99212c08a79cd93a5246
                                                                                                                                                                                                                            • Instruction ID: 3b79136acb5a6564e8a2ee56121120d10ab6414250c495bbbce44da1f85fa1d7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0eaf3b3217e949b2d1843143c589130ed5bb45f9e3ac99212c08a79cd93a5246
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95118262B1465289FB54AF7094511FD7BB0AB44775B800236DE6D959DCEF38D090C730
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00007FF7CFBD77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707), ref: 00007FF7CFBD6B00
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7CFBD77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707), ref: 00007FF7CFBD6B0A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                                                            • Opcode ID: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                                                            • Instruction ID: 714a0f08eb54e9532366361c5d632e106cfef9a75c38c48d785e813089eb6a4a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C301A161B18AC241EA14AF35A8451BAA261AF44BF0B944332EA7E477D9DF3CD4518331
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD1E99), ref: 00007FF7CFBD203F
                                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD1E99), ref: 00007FF7CFBD2055
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                                                            • Opcode ID: 9bba130d84977ab18fcd365510e816d73f80cae2fb6a2fa4e9637845de17096b
                                                                                                                                                                                                                            • Instruction ID: e9255718555f43986f5917867912cb2949896b815f452645abc5d5c1ab634a6a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bba130d84977ab18fcd365510e816d73f80cae2fb6a2fa4e9637845de17096b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09018E3250CAD582E750AF35A4012BAF7B1FB85B71FA40236E6AE455D8DB3DD050CB31
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2018770650-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 377330604-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,?,?,00007FF7CFBD5A57,?,?,00000000,00007FF7CFBD5AFF,?,?,?,?,?,?,00007FF7CFBCC892), ref: 00007FF7CFBD5B8A
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7CFBD5A57,?,?,00000000,00007FF7CFBD5AFF,?,?,?,?,?,?,00007FF7CFBCC892), ref: 00007FF7CFBD5B94
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_findclose
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2772937645-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
                                                                                                                                                                                                                            • Instruction ID: 528ac6b0873f0c3723121cbe3531647a57b924a00119506d84ed9ccfc88dccf6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C218772618AC587EB61AF38E4403B9B6A1FB84BE4F984235E75D476D9DF3CD4408B20
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3947729631-0
                                                                                                                                                                                                                            • Opcode ID: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                                                            • Instruction ID: fb9b54cb84ea12826d87f1c7097657ff363763656140d2d07dda5b3f25a635d3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D215E32E05B81CAEB15AF78D4442ECB7B4EB44728FC4453AD60D43A89DF38D585CBA1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
                                                                                                                                                                                                                            • Instruction ID: 1c6f13fed78a647d3699bd89e8c8a2769d82cbb2a4f1abde4c1eb14d5da3be88
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F018EA1B087C141EA04AF7699001BBE694ABA5FF0F888671EE6C17BD6CF3CE4014370
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
                                                                                                                                                                                                                            • Instruction ID: 0078e6629f00f5ccbce2a617daef044c8fafdd04d9d15fa7020741ee9cfea04e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3113D66A186C286EB15AF64E5812EEF760EB80774FD04137E64D066E9DFBCE005C731
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 77285a0bb05a245252c347265aa7336171c448c1628e3d1fdee21f01d072954f
                                                                                                                                                                                                                            • Instruction ID: 5b05a8e4ca342039e7fa742da4dbe2ce17708abe679130c7e44898dbef99e7ae
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77285a0bb05a245252c347265aa7336171c448c1628e3d1fdee21f01d072954f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D017161F085C241FE147E79A5513FF91509F947B4FE90732E92D462C6CF2CE4018272
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 3046e24bed232bedf9ab96f5d1dc5647e2b8c2cb7c1726276d598b4946c118ea
                                                                                                                                                                                                                            • Instruction ID: a9bd4fca011c82efd65fbbb7d06c377961188aa3a9c40728717e0c50370887e5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3046e24bed232bedf9ab96f5d1dc5647e2b8c2cb7c1726276d598b4946c118ea
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15016D72A00B5689EB00EFB0E4405ED77B8FB64768B840136DE5C13758DF34D5A5C3A0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalDeleteSection
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 166494926-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD2BB8: DeleteFileW.KERNELBASE ref: 00007FF7CFBD2BBC
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD2BB8: GetLastError.KERNEL32 ref: 00007FF7CFBD2BC6
                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000100000000,00007FF7CFBC690E,00000000,00007FF7CFBC38F7), ref: 00007FF7CFBC6F6A
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteErrorFileLastSleep
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3792865491-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF7CFBD86BD,?,?,00000000,00007FF7CFBCFC79,?,?,?,?,00007FF7CFBD59F1), ref: 00007FF7CFBD95A5
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            • Opcode ID: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                                                            • Instruction ID: 8486a2dc3700e9cc408a2d37f665547ebc18149b19222d695f2e5cf613cda1f3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBF06D54B0A38B81FE687F7255003F5D2945F98BA8F8C0032CD0E867C5EF1CE4808232
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            • Opcode ID: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                            • Instruction ID: ca97f63084513e984ec51c2dfea4e4dfdab7f7c1460576c7139418245a880b4f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48F08C90B0D7C781FE683F7269406F5D2805F88BB0FA80332DD2E866C9DF2CA4418232
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                            • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for 
Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                            • API String ID: 190572456-139387903
                                                                                                                                                                                                                            • Opcode ID: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                                                            • Instruction ID: b7a9acd98fde7781c357d810a8d9ecdd6b0d1c5d42b8635c8ca1db07781251e4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4329468A19B8390FA55BF74A8502F9A3B2BF05774BE45435C80E06664EF7DFA58C230
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                            • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                            • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                            • Opcode ID: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                                                            • Instruction ID: b4f04e2b0f4736ad26da42981e340b3ffc85027acf3f03c073c47cca4fca37c9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56A16976218BC187E7149F21E59479AB770F788BA0F90412AEB8D47B24CF7DE164CB60
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                            • API String ID: 808467561-2761157908
                                                                                                                                                                                                                            • Opcode ID: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
                                                                                                                                                                                                                            • Instruction ID: d357c8ab5d122c5f09014302e3be787b7e5765afdf6350fa4737247e13fb9440
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57B2C372E182C28BE7659F74D4407FDB7A1FB44398F945136EA0E57A88DB38A900CB61
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FC7
                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FF6
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 00007FF7CFBC704C
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                                                                                                                                                                                            • API String ID: 0-4074041902
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1502251526-0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                                                                                                                                                            • API String ID: 0-3255898291
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                                                            • API String ID: 0-1186847913
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: $ $invalid block type
                                                                                                                                                                                                                            • API String ID: 0-2056396358
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: gfffffff
                                                                                                                                                                                                                            • API String ID: 3215553584-1523873471
                                                                                                                                                                                                                            • Opcode ID: 6e6b374e358ffb98ed3835fe1ad345463b8c13656902312dc80815bb4bc071b0
                                                                                                                                                                                                                            • Instruction ID: e4de4b5d5210a03f70fd681b1b1a93be9c3d6b2cf48a63508018fa3eb67075c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e6b374e358ffb98ed3835fe1ad345463b8c13656902312dc80815bb4bc071b0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60913462B093C686EB159F3994007EAAB90AB51BA5F459032CE4D57789DB3DE5028322
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD9236
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD5984: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7CFBD5961), ref: 00007FF7CFBD598D
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD5984: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7CFBD5961), ref: 00007FF7CFBD59B2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: -
                                                                                                                                                                                                                            • API String ID: 4036615347-2547889144
                                                                                                                                                                                                                            • Opcode ID: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
                                                                                                                                                                                                                            • Instruction ID: d592818b991a3ebd42124ccd0d76bde6f0455fbdacece7175ba43064758eb4f3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B910472A087C586E664AF3595007AAF791FB85BF4F844236DA9D43BDDDB3CD4008B21
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 15204871-0
                                                                                                                                                                                                                            • Opcode ID: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
                                                                                                                                                                                                                            • Instruction ID: dd05cf4d148147edaf9e83db5438d7b05d1f23defd3f21ab22ed79e1909383d9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CB15E73600B858BEB15DF39C4863AC7BA0FB44B58F698921DB9D87BA4CB39D451C720
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 6c87813eb0b7604b4eea48c97782e3468826fdaa3bea98711e9572d0e941083e
                                                                                                                                                                                                                            • Instruction ID: 74aacaec5dcf4eba3bc7adaf9f8d1cdcc93d44b11559ab67afaee9086a71d909
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c87813eb0b7604b4eea48c97782e3468826fdaa3bea98711e9572d0e941083e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF02AB21B097C641FA65BF31A5012F9E694AF01BB4FC49636DE6D467DADF3CA4028332
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 474895018-0
                                                                                                                                                                                                                            • Opcode ID: 641f67d2644e596bdc399d32e1ffa7e031db3e75a12c0dd38819966bab89df53
                                                                                                                                                                                                                            • Instruction ID: fdbc7d699247c4a6f2c33d2a242dab793269881dcbaa54cfc781173c5c9e5afd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 641f67d2644e596bdc399d32e1ffa7e031db3e75a12c0dd38819966bab89df53
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9271F422B082C24AF7246F7994407B9E291BF503B4F980635DA5E87BD5DF7DE8818631
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                            • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                            • Opcode ID: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
                                                                                                                                                                                                                            • Instruction ID: 3f705430f23d87b39e2c2f4ee7ff05574c56f558aa8781509dfc3774c038d7c3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8871D625A18282C6E7A4BE35C0006FBA291EF40764FE45036FD4E57699CF7DE8438735
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: TMP
                                                                                                                                                                                                                            • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                            • Opcode ID: 4aff63487ee365a20461661d557f783715ffeb5bcf97619d2dda1ed64c23860c
                                                                                                                                                                                                                            • Instruction ID: 000ee1c943e3ac561c507f75c86a897f392d7cc04c3f41cb455971481fd01d18
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4aff63487ee365a20461661d557f783715ffeb5bcf97619d2dda1ed64c23860c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6861A215B08AD242EA68BF3295115FAD291AF44BE4FD88036DD4D47B9DDF3DE4428232
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                            • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                            • Opcode ID: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
                                                                                                                                                                                                                            • Instruction ID: 109c00dd32eeb39a419e38a0fa5384844a8c26932c1d0c588d14cd03544a0087
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E761C215A2C2C2C6FA646E3A94003FBE7919F41764FE41132FDC85769ACF6DE8468B31
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                                                            • Opcode ID: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
                                                                                                                                                                                                                            • Instruction ID: 0b583986940dba23ae1157879e2782a47ce56f64ce434767429ef150e7894e72
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07B09220F1BA82C2EA1C3F216C8225462A57F88720FC80038C50C80320DF2C20B69731
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 1385a6dc4bf741762803ad4c6cf90cf37c55bf401a043c8da06b4fed85b1e8de
                                                                                                                                                                                                                            • Instruction ID: 5eb60c115577a83c40622decc3656754b18757430039d7c148d55fdb0ff6bdc8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1385a6dc4bf741762803ad4c6cf90cf37c55bf401a043c8da06b4fed85b1e8de
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C7182727301B49BEB648F2E9514AE93790F36A349FC16115EB8547B81CF3EB921CB60
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                                                                                            • Instruction ID: a6097e78f8d992bac6b7ffacf4ea65fbfa13b03928c046fd3936ca72cf0fa64e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B541925280D6CA04E999AD3815007F4A680AF22BF2DD853B7DD991B3CFCB0D65868673
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                            • Opcode ID: 8184ceee08c926232b66fec4304a60d1460a3db1784b2f9295ed3c75a5390078
                                                                                                                                                                                                                            • Instruction ID: dc7183fc276ca477e3b0964d64489147ee56541e2aaf3322063f96b479207235
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8184ceee08c926232b66fec4304a60d1460a3db1784b2f9295ed3c75a5390078
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E041B222714A9582EB08DF7AD9255A9E391BB48FE4B899033DE4D97B58DF3CD0468320
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 4bd83198f846778d29d018d0185ecddc9eeca64a8fdced8fb6dbde6c39c1dffb
                                                                                                                                                                                                                            • Instruction ID: 7da44ac6520eab4e99de4e18fca1992781acc43f448fad03498e9633a1e602f3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bd83198f846778d29d018d0185ecddc9eeca64a8fdced8fb6dbde6c39c1dffb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62F06871B182958AEBA89F29B8026697BD4FB48390FD4D039DA8D83B14D63C90618F24
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 5d3e1ff0ce676b4cbccc0a96f9ce58280626e59de3549e9ee2853c98f0f76dbb
                                                                                                                                                                                                                            • Instruction ID: bb1af0b086af738bd22f7503c9080b83c6b1c0234450b34565d84991b5b62a8a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d3e1ff0ce676b4cbccc0a96f9ce58280626e59de3549e9ee2853c98f0f76dbb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5A00221A0CD82D0E608AF31EA501BDA330FB50320BC25035C11DC20A89F3EA500C331
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                            • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk 
libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                            • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                            • Opcode ID: e95c3f220ff907c97ac3a5505cef918bda10cea1a09b7661ea358f21aa108c0d
                                                                                                                                                                                                                            • Instruction ID: bdd13d9a34d7172f51faff273ea329d0ea08db3049ccd80691688a78dd72dd06
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e95c3f220ff907c97ac3a5505cef918bda10cea1a09b7661ea358f21aa108c0d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84E10264A09B8390FA19FF25BD902FAA7A5BF057B0BE41131D81E463A4EF7CB545C270
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                            • Opcode ID: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                                                            • Instruction ID: 4a5a25262d377bc438db715eaebd04899d714891684bccf52cfa74d9a3e463fc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE51D522618BE186D6349F36A0182BAF7A1FB58B61F404125EBCE83685DF7CD045DB20
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                            • Opcode ID: 36925c8e5bfad05541d43b4fca73e6e1cb4ae6bdd8f4fa2d25250e9ef6157e20
                                                                                                                                                                                                                            • Instruction ID: 409c7222435afbcd6f4ac1334175bd307569afba7bfab1e1143f00e8f4529a98
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36925c8e5bfad05541d43b4fca73e6e1cb4ae6bdd8f4fa2d25250e9ef6157e20
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69414C62A08AC282EA14FF25E9406FAE3A0FF44BA4FD54432DA4D57B55EF7CE5418730
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC718F
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC71DF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                            • API String ID: 626452242-27947307
                                                                                                                                                                                                                            • Opcode ID: 0479d7125ede5794cb059df8a79c3556dab816403aa94870206e97f7c2a4f6c1
                                                                                                                                                                                                                            • Instruction ID: c83523253db7ed247c55f368d9999e15fed7fe28b1f37fdb839e33045c630e35
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0479d7125ede5794cb059df8a79c3556dab816403aa94870206e97f7c2a4f6c1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5418032A08BC282DA60EF65B4401AAF7A4FB857A0FA44135EE9D47B94DF3CD055C730
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC75E1
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC7655
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                            • API String ID: 3723044601-27947307
                                                                                                                                                                                                                            • Opcode ID: 415e80d084b85328e4a76e8d77a212f49e392635e65cd740730017958ab796a4
                                                                                                                                                                                                                            • Instruction ID: 6142a883295431557d6c763efc48c468125b3b6da6721f2d4edf789490540dda
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 415e80d084b85328e4a76e8d77a212f49e392635e65cd740730017958ab796a4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE219421A18BC385EB10EF39EC401BAB7A5AB44BE0BA44535CA9D43794EF7CE445C330
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                            • API String ID: 626452242-876015163
                                                                                                                                                                                                                            • Opcode ID: beddf7fcbb6db7b1c79f04a56d176a201efa2834b77932cd8f77e16b213b791c
                                                                                                                                                                                                                            • Instruction ID: f1100f57a9e39d22977691d27d19a13088c4d3c05f7792962537a426cfdeb8f7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: beddf7fcbb6db7b1c79f04a56d176a201efa2834b77932cd8f77e16b213b791c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71419632A09BC682EA10EF26A8441B6B7A5FB447A0FA44136DE9D47B94DF3CD455C730
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC4A5
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC4B3
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC4DD
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC523
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC52F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                            • Opcode ID: 1c453ae4bf38a437f7b70d8e644795e8176eb85b810932e67f5fd4f40fb0e1dd
                                                                                                                                                                                                                            • Instruction ID: 03271c85333b9ecbd9b82fe150f90eb4af50d9910be98b9f8f60323e78f23ec7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c453ae4bf38a437f7b70d8e644795e8176eb85b810932e67f5fd4f40fb0e1dd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE31A3A1A1A6C195EE11BF2AA4016BAA394BF19BB4F9A4535DD1D4B384EF3CF4418330
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7CFBC631F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7CFBC602F
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2760: MessageBoxW.USER32 ref: 00007FF7CFBC2831
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7CFBC608A
                                                                                                                                                                                                                            • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7CFBC6006
                                                                                                                                                                                                                            • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7CFBC6043
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                            • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                            • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                            • Opcode ID: e7db58c18a2d288e789c49a99f21a93185caa056b732c061e279c77c2bdcc716
                                                                                                                                                                                                                            • Instruction ID: 9e31436d22075a7c9ae99307651aa4ba2a066a89c3797567b99ba7e926f0b167
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7db58c18a2d288e789c49a99f21a93185caa056b732c061e279c77c2bdcc716
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA31A551B1DAC341FA64BF35E9553FBD2A1AF887E1FC44032DA4E4269AEF2CE5048630
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC7550
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                            • API String ID: 3723044601-876015163
                                                                                                                                                                                                                            • Opcode ID: a6f1c9715947d873718802f76a212db1658c74b085baec75c1e349c2d31a076f
                                                                                                                                                                                                                            • Instruction ID: fdd4d4f969c0c4d22f83ca58d92406bd259031944a01dffcc9ed665178d56cb9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6f1c9715947d873718802f76a212db1658c74b085baec75c1e349c2d31a076f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D214621B08A8242EB50EF39F8401AAE7A1FB847E4FD84535DF5C83B69EF6CD5558720
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                            • Opcode ID: bcad4bfd22897d90546c83000e2a55e68d64a70218818eb37a662133ca5c2491
                                                                                                                                                                                                                            • Instruction ID: 087736151fe30c49d4b39d06075e6bd6b6de584282b2d84e70f396dab914e059
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bcad4bfd22897d90546c83000e2a55e68d64a70218818eb37a662133ca5c2491
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B11B235B18B8186E350AF62E8547A9E3A0FB88FF4F940234EA1D87794DF7CD4448760
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                            • Opcode ID: 4aee04a7886f521385e162f3af3d8ef7b6e47f563245e1f94cffa6d44c137a89
                                                                                                                                                                                                                            • Instruction ID: 1c747b8390a6344ed88f2875b870b9a10dc7e2a36256745d681e451fae0bc673
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4aee04a7886f521385e162f3af3d8ef7b6e47f563245e1f94cffa6d44c137a89
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14313672A09AC285EB24EF71E8551FAA364FF887A4F840135EA4E87B59DF3CD145C720
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC6FA0: GetLastError.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FC7
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC6FA0: FormatMessageW.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FF6
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 00007FF7CFBC2738
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                            • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                            • Opcode ID: 400fce4ea561395ecb7c9931c898940bca1409bd045f3b8d566701ceccfa415d
                                                                                                                                                                                                                            • Instruction ID: 13a15e4fb7a8668295bb9b31e52a3ad5a6e3164be72021faa4cc9e2b9c1bf678
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 400fce4ea561395ecb7c9931c898940bca1409bd045f3b8d566701ceccfa415d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B314372628AC291EA20AF20E4517EBA364FF84794FC05036E68D47A99DF7CD605CB70
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                            • Opcode ID: 5a160c9bdce1f9d43ea406b437463d4fa60eb1ab7842eb725466103b76bc2848
                                                                                                                                                                                                                            • Instruction ID: d41c01f67d1a3f9c31236ae43d03c114c8a064ca11a5aec448d5709cb92b7630
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a160c9bdce1f9d43ea406b437463d4fa60eb1ab7842eb725466103b76bc2848
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0F03A61A19A8281EB48AF30E8843B8A360EF48B65FC4103AD54F86569CF3CE588C730
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                                            • Opcode ID: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                                                                                                                                                                            • Instruction ID: d77aa0bb2dfdc366b32d6fe74a7f54cda6e6601de35c2c0790526fd7d42b1b66
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03115B22E18AC301F6643F38E4623F598906F54374FEC0634EB6E063D68F1EA8445370
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000000.00000002.1917342328.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917406873.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917437378.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1917494158.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                            • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC3A71
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                            • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 72036449-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1917369749.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: e+000$gfff
                                                                                                                                                                                                                            • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                            • API ID: mbstowcs
                                                                                                                                                                                                                            • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
                                                                                                                                                                                                                            • API String ID: 103190477-3625900369
                                                                                                                                                                                                                            • API ID: FileFreeHeapModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\1A70mZfanW.exe
                                                                                                                                                                                                                            • API String ID: 13503096-1916908765
                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Error detected
                                                                                                                                                                                                                            • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Fatal error detected
                                                                                                                                                                                                                            • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                            • Opcode ID: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
                                                                                                                                                                                                                            • Instruction ID: 83792241957908593c69e7e471e0f5550563ef7a4055df21a92e05712c2bd6de
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83213272628AC291EB20AF20F4517EAA354FF84798FC05135EA8D47A99DF7CD205CB70
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CompareStringtry_get_function
                                                                                                                                                                                                                            • String ID: CompareStringEx
                                                                                                                                                                                                                            • API String ID: 3328479835-2590796910
                                                                                                                                                                                                                            • Opcode ID: 29c81749be49492956bf448d50416fb18953341cf3f470c3aeb53833f47193c7
                                                                                                                                                                                                                            • Instruction ID: 3b428ee6d8103dc0c664d43921bb7bd21d54e9bfb5e50f680b9ed1650451068d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29c81749be49492956bf448d50416fb18953341cf3f470c3aeb53833f47193c7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53111A36A08BC186D7609F15B4402AAB7A1FB89BD0F544136EA8D83B19CF3CD4508B50
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Stringtry_get_function
                                                                                                                                                                                                                            • String ID: LCMapStringEx
                                                                                                                                                                                                                            • API String ID: 2588686239-3893581201
                                                                                                                                                                                                                            • Opcode ID: 938b4cabf045120e554f7056953f86ac9635c27825e0d85b6221573e9749b67b
                                                                                                                                                                                                                            • Instruction ID: 42b4cb1e900505e124af3b6e092bbab0b1fdb22d86cf30d6253eff5ae67c3a24
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 938b4cabf045120e554f7056953f86ac9635c27825e0d85b6221573e9749b67b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B11F936608BC186D760DF25B4402AAF7A5FB89BA0F544136EACD93B19CF3CE5448B50
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 3215553584-336475711
                                                                                                                                                                                                                            • Opcode ID: ac9e6cf1ee5af4ee396f22b42a5cc566f50753507a16ff94a4f2570f0bd7836c
                                                                                                                                                                                                                            • Instruction ID: 03958cffb3aabfc21e0b0cd34d1741148874df5ccf1f9458baff15f0d13edf7c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac9e6cf1ee5af4ee396f22b42a5cc566f50753507a16ff94a4f2570f0bd7836c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC01A26290C28285F724BF70A4612FFA360EF44764FC00036D94D86696EF3CE5058B35
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF7CFBD9A65
                                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF7CFBD5D0E,?,?,?,00007FF7CFBD5C06,?,?,?,00007FF7CFBD0C32,?,?,00000000,00007FF7CFBC3BA9), ref: 00007FF7CFBD9A7F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                                                                            • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                            • API String ID: 539475747-3084827643
                                                                                                                                                                                                                            • Opcode ID: ea2b473bdb4af6d4d3061d9ce177a635df04aaff899401cb1b17dfcad325bad1
                                                                                                                                                                                                                            • Instruction ID: da14fc55365c2b82a99b56c93673dce0fdb0b1d7c6abf12dbde0c46ddc51362f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea2b473bdb4af6d4d3061d9ce177a635df04aaff899401cb1b17dfcad325bad1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2CF05426B187C181E6186F61F5401F5A361AF48BA0FC45036DA5D13B58CF7CE945C770
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF7CFBD9A09
                                                                                                                                                                                                                            • TlsSetValue.KERNEL32(?,?,00000000,00007FF7CFBD86AA,?,?,00000000,00007FF7CFBCFC79,?,?,?,?,00007FF7CFBD59F1), ref: 00007FF7CFBD9A20
                                                                                                                                                                                                                            Strings
Similarity
• API ID: Valuetry_get_function
• String ID: FlsSetValue
• API String ID: 738293619-3750699315
• Opcode ID: df5f7d63849f41ae9f7569e8dc870c87d44edfa89a3ce8aff31ae8955888d4c4
• Instruction ID: dc4289760bee6367514f384b1fbffe3202719a72335a9011b6ed0ba799808303
• Opcode Fuzzy Hash: df5f7d63849f41ae9f7569e8dc870c87d44edfa89a3ce8aff31ae8955888d4c4
• Instruction Fuzzy Hash: 14E06562A1868282EA087F75F8002F4A222EF487A0FC85032D51D06254CF3CF844C331

Execution Graph

Execution Coverage:2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:0.4%
Total number of Nodes:2000
Total number of Limit Nodes:28
70a1fe3c fputc 61837->61850 61838->61275 61845 70a1a33f GetProcAddress 61838->61845 61839->61278 61840->61275 61848 70a1f7c0 _errno strerror fprintf 61841->61848 61849 70a1f7db fprintf fprintf fputc fclose 61841->61849 61858 70a1fcfc fputc 61842->61858 61843->61844 61844->61275 61845->61275 61855 70a1a35b GetProcAddress 61845->61855 61856 70a1f6c9 fprintf fprintf fputc fclose 61846->61856 61857 70a1f6ae _errno strerror fprintf 61846->61857 61864 70a1fbea fputc 61847->61864 61848->61849 61849->61275 61850->61278 61851->61275 61861 70a1f589 fprintf fprintf fputc fclose 61853->61861 61862 70a1f56e _errno strerror fprintf 61853->61862 61868 70a1faaa fputc 61854->61868 61855->61275 61863 70a1a377 GetProcAddress 61855->61863 61856->61275 61857->61856 61858->61278 61859->61275 61860->61324 61861->61275 61862->61861 61863->61275 61869 70a1a38c GetProcAddress 61863->61869 61864->61278 61865->61275 61873 70a1f477 fprintf fprintf fputc fclose 61866->61873 61874 70a1f45c _errno strerror fprintf 61866->61874 61880 70a1f998 fputc 61867->61880 61868->61278 61869->61275 61875 70a1a3a8 GetProcAddress 61869->61875 61870->61275 61878 70a1f337 fprintf fprintf fputc fclose 61871->61878 61879 70a1f31c _errno strerror fprintf 61871->61879 61888 70a1f858 fputc 61872->61888 61873->61275 61874->61873 61875->61275 61885 70a1a3c4 GetProcAddress 61875->61885 61886 70a1f225 fprintf fprintf fputc fclose 61876->61886 61887 70a1f20a _errno strerror fprintf 61876->61887 61893 70a1f746 fputc 61877->61893 61878->61275 61879->61878 61880->61278 61881->61275 61890 70a1f0e5 fprintf fprintf fputc fclose 61882->61890 61891 70a1f0ca _errno strerror fprintf 61882->61891 61883->61275 61883->61324 61897 70a1f606 fputc 61884->61897 61885->61275 61892 70a1a3e0 GetProcAddress 61885->61892 61886->61275 61887->61886 61888->61278 61889->61275 61890->61275 61891->61890 61892->61275 61899 70a1a3f5 GetProcAddress 61892->61899 61893->61278 61894->61275 61903 70a1efd3 fprintf fprintf fputc fclose 61895->61903 61904 
70a1efb8 _errno strerror fprintf 61895->61904 61911 70a1f4f4 fputc 61896->61911 61897->61278 61898->61275 61905 70a1a411 GetProcAddress 61899->61905 61906 70a1e84b GetProcAddress 61899->61906 61909 70a1ee93 fprintf fprintf fputc fclose 61900->61909 61910 70a1ee78 _errno strerror fprintf 61900->61910 61919 70a1f3b4 fputc 61901->61919 61902->61275 61902->61324 61903->61275 61904->61903 61915 70a1e5f2 GetProcAddress 61905->61915 61916 70a1a42d GetProcAddress 61905->61916 61906->61275 61906->61905 61917 70a1ed81 fprintf fprintf fputc fclose 61907->61917 61918 70a1ed66 _errno strerror fprintf 61907->61918 61925 70a1f2a2 fputc 61908->61925 61909->61275 61910->61909 61911->61278 61912->61275 61921 70a1ec41 fprintf fprintf fputc fclose 61913->61921 61922 70a1ec26 _errno strerror fprintf 61913->61922 61929 70a1f162 fputc 61914->61929 61915->61275 61915->61916 61923 70a1e5c1 GetProcAddress 61916->61923 61924 70a1a449 GetProcAddress 61916->61924 61917->61275 61918->61917 61919->61278 61920->61275 61921->61275 61922->61921 61923->61275 61923->61924 61931 70a1a465 GetProcAddress 61924->61931 61932 70a1e368 GetProcAddress 61924->61932 61925->61278 61926->61275 61936 70a1eb14 _errno strerror fprintf 61927->61936 61937 70a1eb2f fprintf fprintf fputc fclose 61927->61937 61944 70a1f050 fputc 61928->61944 61929->61278 61930->61275 61938 70a1a481 GetProcAddress 61931->61938 61939 70a1e337 GetProcAddress 61931->61939 61932->61275 61932->61931 61941 70a1e9d4 _errno strerror fprintf 61933->61941 61942 70a1e9ef fprintf fprintf fputc fclose 61933->61942 61950 70a1ef10 fputc 61934->61950 61935->61267 61959 70a1b299 61935->61959 61936->61937 61937->61275 61948 70a1e0c2 GetProcAddress 61938->61948 61949 70a1a49d GetProcAddress 61938->61949 61939->61275 61939->61938 61956 70a1edfe fputc 61940->61956 61941->61942 61942->61275 61943->61324 61944->61278 61945->61275 61963 70a1ecbe fputc 61946->61963 61954 70a1e8c2 _errno strerror fprintf 61947->61954 61955 70a1e8dd fprintf fprintf fputc fclose 
61947->61955 61948->61949 61958 70a1e0de GetProcAddress 61948->61958 61949->61536 61949->61541 61950->61278 61951->61275 61961 70a1e781 fprintf fprintf fputc fclose 61953->61961 61962 70a1e766 _errno strerror fprintf 61953->61962 61954->61955 61955->61275 61956->61278 61957->61324 61958->61275 61958->61949 61959->61334 61967 70a1b2b8 _errno 61959->61967 62192 70a04230 7 API calls 61959->62192 61974 70a1ebac fputc 61960->61974 61961->61275 61962->61961 61963->61278 61964->61275 61979 70a1ea6c fputc 61965->61979 61970 70a1e654 _errno strerror fprintf 61966->61970 61971 70a1e66f fprintf fprintf fputc fclose 61966->61971 61972 70a1c497 _errno strerror fprintf 61967->61972 61967->61973 61968->61275 61977 70a1e4f7 fprintf fprintf fputc fclose 61969->61977 61978 70a1e4dc _errno strerror fprintf 61969->61978 61970->61971 61971->61275 61972->61346 61973->61283 61974->61278 61982 70a1e3e5 fprintf fprintf fputc fclose 61975->61982 61983 70a1e3ca _errno strerror fprintf 61975->61983 61986 70a1e95a fputc 61976->61986 61977->61275 61978->61977 61979->61278 61980->61275 61989 70a1e7fe fputc 61981->61989 61982->61275 61983->61982 61984->61275 61985->61275 61986->61278 61995 70a1e6ec fputc 61987->61995 61991 70a1e252 _errno strerror fprintf 61988->61991 61992 70a1e26d fprintf fprintf fputc fclose 61988->61992 61989->61278 61996 70a1e574 fputc 61990->61996 61991->61992 61992->61275 61993->61275 61998 70a1e462 fputc 61994->61998 61995->61278 61996->61278 61999 70a1e2ea fputc 61997->61999 61998->61278 61999->61278 62001 70a2d675 62000->62001 62004 70a2d4c2 62000->62004 62196 70a2d050 __iob_func abort 62001->62196 62004->61324 62006 70a2d938 62005->62006 62007 70a2db4f 62005->62007 62008 70a2d947 memcmp 62006->62008 62018 70a2da52 62006->62018 62197 70a2d050 __iob_func abort 62007->62197 62010 70a2d960 memcmp 62008->62010 62008->62018 62012 70a2d97f memcmp 62010->62012 62010->62018 62013 70a2d99f memcmp 62012->62013 62012->62018 62014 70a2d9bf memcmp 62013->62014 62013->62018 62015 
70a2d9df memcmp 62014->62015 62014->62018 62016 70a2d9ff memcmp 62015->62016 62015->62018 62017 70a2da1f memcmp 62016->62017 62016->62018 62017->62006 62017->62018 62018->61324 62020 70a2d8f7 62019->62020 62032 70a2d6a8 62019->62032 62198 70a2d050 __iob_func abort 62020->62198 62022 70a2d6b7 memcmp 62024 70a2d6d0 memcmp 62022->62024 62025 70a2d7c5 62022->62025 62024->62025 62026 70a2d6f2 memcmp 62024->62026 62025->61324 62026->62025 62027 70a2d712 memcmp 62026->62027 62027->62025 62028 70a2d732 memcmp 62027->62028 62028->62025 62029 70a2d752 memcmp 62028->62029 62029->62025 62030 70a2d772 memcmp 62029->62030 62030->62025 62031 70a2d792 memcmp 62030->62031 62031->62025 62031->62032 62032->62022 62032->62025 62034 70a2d341 62033->62034 62038 70a2d226 62033->62038 62199 70a2d050 __iob_func abort 62034->62199 62036 70a2d238 strcmp 62036->62038 62046 70a2d32f 62036->62046 62038->62036 62039 70a2d262 strcmp 62038->62039 62040 70a2d281 strcmp 62038->62040 62041 70a2d2a0 strcmp 62038->62041 62042 70a2d2bf strcmp 62038->62042 62043 70a2d2da strcmp 62038->62043 62044 70a2d2f5 strcmp 62038->62044 62045 70a2d310 strcmp 62038->62045 62038->62046 62039->62038 62039->62046 62040->62038 62040->62046 62041->62038 62041->62046 62042->62038 62042->62046 62043->62038 62043->62046 62044->62038 62044->62046 62045->62038 62045->62046 62046->61324 62048 70a2d376 62047->62048 62049 70a2d488 62047->62049 62051 70a2d388 strcmp 62048->62051 62053 70a2d3ac strcmp 62048->62053 62054 70a2d3c8 strcmp 62048->62054 62055 70a2d3e7 strcmp 62048->62055 62056 70a2d406 strcmp 62048->62056 62057 70a2d421 strcmp 62048->62057 62058 70a2d43c strcmp 62048->62058 62059 70a2d457 strcmp 62048->62059 62060 70a2d476 62048->62060 62200 70a2d050 __iob_func abort 62049->62200 62051->62048 62051->62060 62053->62048 62053->62060 62054->62048 62054->62060 62055->62048 62055->62060 62056->62048 62056->62060 62057->62048 62057->62060 62058->62048 62058->62060 62059->62048 62059->62060 62060->61324 62062 70a7083e 
62061->62062 62201 70a70a09 62062->62201 62064 70a70873 exit 62065 70a7088e 62064->62065 62065->61324 62066 70a70843 62066->62064 62204 70a70a30 GetCurrentThread GetThreadContext 62066->62204 62068 70a70855 62068->62064 62069 70a70859 62068->62069 62069->61324 62211 70a6fc00 62070->62211 62072 70a04a15 62073 70a04a25 free 62072->62073 62074 70a04a63 62072->62074 62085 70a05fd0 62073->62085 62226 70a04230 7 API calls 62074->62226 62076 70a04a76 62077 70a04b20 fprintf 62076->62077 62078 70a04a82 _errno 62076->62078 62082 70a04ae8 fprintf 62077->62082 62079 70a04b54 _errno strerror fprintf 62078->62079 62080 70a04a96 fprintf fprintf fputc fclose 62078->62080 62079->62080 62080->62082 62084 70a04b0b fputc 62082->62084 62084->62073 62086 70a05ff2 62085->62086 62143 70a0609d 62085->62143 62088 70a06110 malloc 62086->62088 62089 70a06010 62086->62089 62087 70a024c0 strlen strlen malloc _strdup 62087->62143 62092 70a0612a memcpy 62088->62092 62090 70a061b1 malloc 62089->62090 62091 70a0602e 62089->62091 62090->62092 62093 70a060fa 62091->62093 62095 70a06150 malloc 62091->62095 62096 70a0605f getenv 62091->62096 62092->61324 62093->61324 62095->62092 62124 70a06074 62096->62124 62098 70a060e8 free 62098->62093 62099 70a0631c _errno 62099->62124 62100 70a0617c free 62102 70a06184 62100->62102 62101 70a064e1 _errno 62103 70a066b3 _errno strerror fprintf 62101->62103 62104 70a064ef fprintf fprintf fputc fclose 62101->62104 62108 70a06195 62102->62108 62121 70a061f8 62102->62121 62103->62124 62104->62143 62105 70a06340 free 62105->62143 62106 70a061f1 free 62106->62102 62107 70a06420 _access 62107->62124 62107->62143 62117 70a061a4 _errno 62108->62117 62118 70a0664e _errno strerror 62108->62118 62109 70a06617 fprintf 62109->62143 62111 70a06585 getenv 62111->62124 62112 70a0635d strlen strlen malloc 62115 70a065c6 62112->62115 62112->62143 62113 70a067fe 62320 70a04230 7 API calls 62113->62320 62114 70a0654f fprintf 62123 70a06564 fputc 62114->62123 62129 70a06719 62115->62129 
62134 70a065db 62115->62134 62116 70a0644e 62317 70a04900 15 API calls 62116->62317 62117->62093 62118->62134 62120 70a06217 _errno 62127 70a0623a 8 API calls 62120->62127 62128 70a0621f _errno strerror fprintf 62120->62128 62121->62120 62135 70a0668a fprintf 62121->62135 62314 70a04230 7 API calls 62121->62314 62123->62124 62124->62099 62124->62107 62124->62111 62124->62112 62124->62113 62126 70a065ae getenv 62124->62126 62124->62143 62125 70a06811 62132 70a0689c 62125->62132 62133 70a0681d _errno 62125->62133 62126->62112 62126->62115 62141 70a062b2 fprintf 62127->62141 62128->62127 62319 70a04230 7 API calls 62129->62319 62131 70a06459 free 62131->62093 62137 70a0646d 62131->62137 62142 70a068e3 fprintf 62132->62142 62155 70a068aa fprintf 62132->62155 62139 70a06846 fprintf fprintf fputc fclose 62133->62139 62140 70a0682b _errno strerror fprintf 62133->62140 62134->62117 62135->62103 62146 70a06930 62137->62146 62147 70a0647a 62137->62147 62138 70a0672c 62144 70a06738 _errno 62138->62144 62145 70a06795 62138->62145 62139->62132 62140->62139 62148 70a062ca fputc 62141->62148 62142->62132 62143->62087 62143->62098 62143->62099 62143->62100 62143->62101 62143->62105 62143->62106 62143->62109 62143->62111 62143->62112 62143->62114 62143->62116 62143->62124 62313 70a04900 15 API calls 62143->62313 62315 70a05f60 6 API calls 62143->62315 62316 70a04900 15 API calls 62143->62316 62318 70a04230 7 API calls 62143->62318 62150 70a06910 _errno strerror fprintf 62144->62150 62151 70a06743 fprintf fprintf fputc fclose 62144->62151 62154 70a067d8 fprintf 62145->62154 62164 70a067a3 fprintf 62145->62164 62321 70a04230 7 API calls 62146->62321 62147->62117 62156 70a06490 _errno strerror 62147->62156 62148->62143 62150->62146 62151->62145 62153 70a06943 62158 70a06a0b fprintf 62153->62158 62159 70a0694f _errno 62153->62159 62154->62145 62160 70a068c3 fputc 62155->62160 62166 70a064bd 62156->62166 62157 70a063f8 free 62157->62102 62161 70a0640c 62157->62161 62167 70a069c3 _errno 
strerror 62158->62167 62162 70a06961 6 API calls 62159->62162 62163 70a06a49 _errno strerror fprintf 62159->62163 62160->62132 62161->62093 62162->62167 62168 70a067b8 fputc 62164->62168 62166->62117 62169 70a069dd fprintf 62167->62169 62168->62145 62170 70a069f9 fputc 62169->62170 62170->62158 62172 70a05fd0 107 API calls 62171->62172 62173 70a0da2a 62172->62173 62174 70a0da80 62173->62174 62175 70a0da32 62173->62175 62177 70a0daa0 62174->62177 62178 70a0da91 _errno 62174->62178 62322 70a0a7b0 62175->62322 62738 70a04230 7 API calls 62177->62738 62180 70a0da74 62178->62180 62180->61324 62182 70a0dab3 62183 70a0db4c fprintf 62182->62183 62184 70a0dabf _errno 62182->62184 62188 70a0db1a fprintf 62183->62188 62185 70a0db80 _errno strerror fprintf 62184->62185 62186 70a0dacb fprintf fprintf fputc fclose 62184->62186 62185->62186 62186->62188 62190 70a0db3a fputc 62188->62190 62190->62178 62191->61358 62192->61959 62193->61275 62194->61324 62195->61469 62207 70a708e0 62201->62207 62206 70a70a6e GetCurrentThread SetThreadContext 62204->62206 62206->62068 62208 70a708f4 62207->62208 62209 70a70942 62208->62209 62210 70a70927 NtSetInformationThread 62208->62210 62209->62066 62210->62209 62227 70a70b90 62211->62227 62213 70a6fc52 malloc 62214 70a6fc73 memcpy 62213->62214 62215 70a6fd2e 62213->62215 62214->62215 62225 70a6fc95 62214->62225 62215->62072 62216 70a772b0 abort 62216->62225 62219 70a7bb60 fwrite abort 62219->62225 62225->62215 62225->62216 62225->62219 62228 70a93d70 62225->62228 62256 70a75940 62225->62256 62279 70a76ad0 62225->62279 62283 70a7c030 fwrite abort 62225->62283 62284 70a75b10 free UnmapViewOfFile GetLastError _errno 62225->62284 62285 70a76ad0 abort 62225->62285 62286 70a77210 abort 62225->62286 62226->62076 62227->62213 62229 70a93d8c 62228->62229 62247 70a93f49 62228->62247 62230 70a93f30 62229->62230 62232 70a93f09 62229->62232 62233 70a93daa 62229->62233 62235 70a94b20 9 API calls 62230->62235 62230->62247 62291 70a94b20 62232->62291 62304 
70a82990 fwrite abort abort abort 62233->62304 62235->62247 62236 70a94009 memset 62236->62247 62239 70a70c30 free 62239->62247 62240 70a93e95 62242 70a93ea7 62240->62242 62240->62247 62241 70a93ead 62287 70a961a0 62241->62287 62242->62241 62245 70a93ed3 62242->62245 62244 70a93dd5 62244->62240 62248 70a93eca 62244->62248 62254 70a93e28 62244->62254 62307 70a70c30 62245->62307 62246 70a93ec0 62246->62248 62250 70a961a0 VirtualProtect 62246->62250 62247->62236 62247->62239 62247->62241 62310 70a7a8d0 11 API calls 62247->62310 62311 70a94610 memcpy free 62247->62311 62248->62225 62252 70a93efc 62250->62252 62252->62225 62253 70a94b20 9 API calls 62253->62254 62254->62240 62254->62244 62254->62253 62305 70a94cf0 UnmapViewOfFile GetLastError _errno 62254->62305 62306 70a82990 fwrite abort abort abort 62254->62306 62257 70a70c30 free 62256->62257 62258 70a7596e 62257->62258 62259 70a70c30 free 62258->62259 62260 70a7597b 62259->62260 62261 70a70c30 free 62260->62261 62262 70a75998 62261->62262 62263 70a70c30 free 62262->62263 62264 70a759a8 62263->62264 62265 70a70c30 free 62264->62265 62266 70a759b8 62265->62266 62267 70a70c30 free 62266->62267 62268 70a759c8 62267->62268 62269 70a70c30 free 62268->62269 62270 70a759d8 62269->62270 62271 70a75a2f 62270->62271 62273 70a70c30 free 62270->62273 62272 70a70c30 free 62271->62272 62274 70a75a3b 62272->62274 62273->62270 62275 70a75a91 62274->62275 62278 70a70c30 free 62274->62278 62276 70a70c30 free 62275->62276 62277 70a75a9d 62276->62277 62278->62274 62280 70a76aed 62279->62280 62282 70a76af5 62279->62282 62280->62282 62312 70a76490 abort 62280->62312 62282->62225 62283->62225 62284->62225 62285->62225 62286->62225 62290 70a961aa 62287->62290 62288 70a961d6 VirtualProtect 62289 70a961ee 62288->62289 62289->62246 62290->62288 62290->62289 62296 70a94b3a 62291->62296 62292 70a94b77 _errno 62293 70a94b8f 62292->62293 62294 70a94c40 _errno 62292->62294 62293->62294 62298 70a94ba2 62293->62298 62297 70a94c4f 62294->62297 62295 
70a94cd8 62296->62292 62296->62295 62297->62230 62299 70a94bb3 CreateFileMappingA 62298->62299 62300 70a94ca4 _get_osfhandle 62298->62300 62302 70a94c18 GetLastError _errno 62299->62302 62303 70a94be3 MapViewOfFile CloseHandle 62299->62303 62300->62299 62301 70a94cbe _errno 62300->62301 62301->62297 62302->62230 62303->62297 62303->62302 62304->62244 62305->62254 62306->62254 62308 70a70c40 free 62307->62308 62309 70a70c4d 62307->62309 62308->62309 62309->62246 62310->62247 62311->62247 62312->62282 62313->62143 62314->62121 62315->62143 62316->62157 62317->62131 62318->62143 62319->62138 62320->62125 62321->62153 62323 70a0a7c6 62322->62323 62324 70a05fd0 107 API calls 62323->62324 62325 70a0a7f7 62324->62325 62326 70a0afd0 62325->62326 62327 70a0a803 62325->62327 62329 70a0acd4 _errno 62326->62329 62330 70a0afe7 62326->62330 62739 70a2b990 62327->62739 62433 70a0ad43 free 62329->62433 62900 70a04230 7 API calls 62330->62900 62333 70a0affa 62335 70a0b006 _errno 62333->62335 62450 70a0c7f0 fprintf 62333->62450 62334 70a0bea1 free 62652 70a0acc5 62334->62652 62676 70a0c6e8 62334->62676 62338 70a0b014 fprintf fputc fclose 62335->62338 62339 70a0ce6e _errno strerror fprintf 62335->62339 62336 70a0ac80 62347 70a0aca0 free free 62336->62347 62337 70a0a83a strncmp 62341 70a0a8b0 62337->62341 62342 70a0a89a strchr 62337->62342 62349 70a0b05b fputc 62338->62349 62350 70a0ce8e fprintf 62339->62350 62345 70a0a420 55 API calls 62341->62345 62342->62341 62344 70a0c2e1 62342->62344 62343 70a0c715 62351 70a0c721 _errno 62343->62351 62352 70a0ccc6 fprintf 62343->62352 62348 70a0c2f8 62344->62348 62344->62652 62353 70a0a8ef 62345->62353 62454 70a0acb0 62347->62454 62920 70a04230 7 API calls 62348->62920 62349->62329 62371 70a0b531 fprintf 62350->62371 62356 70a0d201 _errno strerror fprintf 62351->62356 62357 70a0c72d fprintf 62351->62357 62378 70a0ccfd 62352->62378 62358 70a0ad62 free 62353->62358 62359 70a0a8fb 62353->62359 62354 70a0c850 62362 70a0c867 62354->62362 62582 
70a0bc2a 62354->62582 62581 70a0b840 62356->62581 62924 70a2db70 62357->62924 62358->62454 62769 70a2ffd0 62359->62769 62360 70a04230 7 API calls 62360->62581 62926 70a04230 7 API calls 62362->62926 62363 70a0c30b 62369 70a0c317 _errno 62363->62369 62370 70a0d105 62363->62370 62375 70a0c321 _errno strerror fprintf 62369->62375 62376 70a0c33c fprintf fprintf fputc fclose 62369->62376 62379 70a0d14a fprintf 62370->62379 62412 70a0d113 fprintf 62370->62412 62413 70a0d181 fprintf 62370->62413 62431 70a0d1b8 fprintf 62370->62431 62399 70a0b551 fputc 62371->62399 62372 70a0c758 fprintf fputc fclose 62377 70a0c78d 62372->62377 62373 70a0b85f _errno 62381 70a0b882 fprintf 62373->62381 62382 70a0b867 _errno strerror fprintf 62373->62382 62374 70a0c87a 62385 70a0d415 fprintf 62374->62385 62386 70a0c886 _errno 62374->62386 62375->62376 62392 70a0c399 fprintf 62376->62392 62395 70a0c79e fprintf 62377->62395 62929 70a04230 7 API calls 62378->62929 62379->62370 62380 70a0bc4c _errno 62380->62433 62404 70a0b8e2 62381->62404 62382->62381 62414 70a0d44c _errno strerror fprintf 62385->62414 62389 70a0c894 fprintf fprintf fputc fclose 62386->62389 62390 70a0d74d _errno strerror fprintf 62386->62390 62407 70a0c8f1 fprintf 62389->62407 62390->62454 62391 70a0d240 _errno 62401 70a0d251 _errno strerror fprintf 62391->62401 62391->62581 62409 70a0c3ab fputc 62392->62409 62393 70a0c923 fprintf 62410 70a0c950 memcpy 62393->62410 62394 70a0cd10 62394->62370 62396 70a0cd1c _errno 62394->62396 62411 70a0c7b3 fputc 62395->62411 62402 70a0cd41 fprintf 62396->62402 62403 70a0cd26 _errno strerror fprintf 62396->62403 62397 70a0b8ad fprintf fputc fclose 62397->62404 62399->62652 62401->62581 62442 70a0cd8b 62402->62442 62403->62402 62404->62397 62418 70a0b8f3 fprintf 62404->62418 62405 70a0d599 fprintf 62405->62581 62406 70a0a974 62406->62347 62429 70a0a97c 62406->62429 62416 70a0c903 fputc 62407->62416 62408 70a0d27a fprintf fprintf fputc fclose 62408->62581 62409->62652 62410->62454 62417 
70a0c7c5 62411->62417 62412->62370 62413->62370 62420 70a0d46c 62414->62420 62415 70a0a98d free free 62419 70a0a9ac 62415->62419 62415->62454 62416->62582 62925 70a04230 7 API calls 62417->62925 62432 70a0b908 fputc 62418->62432 62426 70a0a9b5 strncmp 62419->62426 62419->62454 62932 70a04230 7 API calls 62420->62932 62421 70a0d2c9 fprintf 62438 70a0d2db fputc 62421->62438 62424 70a0d5d7 fprintf 62443 70a0d600 _errno strerror fprintf 62424->62443 62425 70a0bd19 strncmp 62425->62433 62425->62454 62434 70a0a9dd strncmp 62426->62434 62461 70a0aeb0 62426->62461 62427 70a0bf57 62427->62652 62914 70a04230 7 API calls 62427->62914 62429->62415 62437 70a04a00 49 API calls 62429->62437 62430 70a0c7d8 62440 70a0c7e4 _errno 62430->62440 62441 70a0cc8f fprintf 62430->62441 62451 70a0d1e1 _errno strerror fprintf 62431->62451 62432->62454 62433->62180 62444 70a0ad74 atof _time64 62434->62444 62445 70a0a9fa 62434->62445 62435 70a0b7b9 strncmp 62435->62427 62435->62454 62436 70a0d47f 62447 70a0d70c fprintf 62436->62447 62448 70a0d48b _errno 62436->62448 62439 70a0ae67 62437->62439 62449 70a0d2ed free 62438->62449 62439->62415 62440->62450 62440->62451 62441->62352 62930 70a04230 7 API calls 62442->62930 62468 70a0d620 _errno strerror fprintf 62443->62468 62465 70a0b563 62444->62465 62466 70a0add6 62444->62466 62445->62454 62455 70a0aa06 strncmp 62445->62455 62480 70a0c179 fprintf 62447->62480 62457 70a0c12a fprintf fprintf fputc fclose 62448->62457 62458 70a0d9b8 _errno strerror fprintf 62448->62458 62460 70a0d640 62449->62460 62449->62582 62450->62354 62451->62356 62454->62425 62454->62427 62454->62433 62454->62435 62454->62447 62464 70a0b708 _errno 62454->62464 62454->62581 62454->62582 62454->62652 62469 70a0aa29 62455->62469 62484 70a0aa4a 62455->62484 62456 70a0bf9a 62470 70a0bfa6 _errno 62456->62470 62471 70a0ce37 fprintf 62456->62471 62457->62480 62476 70a0d9d8 _errno strerror fprintf 62458->62476 62501 70a0d8a5 fprintf 62460->62501 62502 70a0d65f _errno 62460->62502 62934 
70a04230 7 API calls 62460->62934 62473 70a0aee1 62461->62473 62475 70a0b2e9 62461->62475 62493 70a0b28a sprintf strstr 62461->62493 62462 70a0cd9e 62462->62370 62474 70a0cdaa _errno 62462->62474 62464->62433 62481 70a0b571 62465->62481 62482 70a0ba62 62465->62482 62466->62454 62491 70a0bb50 62466->62491 62466->62652 62468->62460 62483 70a0be80 _time64 62469->62483 62469->62484 62478 70a0bfb0 _errno strerror fprintf 62470->62478 62479 70a0bfcb 62470->62479 62471->62339 62472 70a0aa84 strncmp 62485 70a0af30 62472->62485 62486 70a0aaa9 strncmp 62472->62486 62487 70a0b962 62473->62487 62473->62652 62474->62468 62488 70a0cdb6 fprintf fprintf fputc fclose 62474->62488 62475->62417 62475->62454 62475->62652 62476->62454 62478->62479 62517 70a0bff7 62479->62517 62479->62652 62540 70a0c199 fputc 62480->62540 62481->62329 62522 70a0b587 _errno strerror 62481->62522 62909 70a04230 7 API calls 62482->62909 62483->62334 62484->62433 62484->62454 62484->62472 62495 70a0b740 62485->62495 62496 70a0af4e 62485->62496 62492 70a0b070 62486->62492 62684 70a0aac9 62486->62684 62908 70a04230 7 API calls 62487->62908 62509 70a0ce13 fprintf 62488->62509 62910 70a04230 7 API calls 62491->62910 62518 70a0b091 62492->62518 62668 70a0c442 62492->62668 62507 70a0b2c3 strcmp 62493->62507 62508 70a0d054 strstr 62493->62508 62494 70a0ba75 62510 70a0ba81 _errno 62494->62510 62511 70a0ca09 fprintf 62494->62511 62907 70a230c0 24 API calls 62495->62907 62529 70a0c1b0 62496->62529 62549 70a0af67 62496->62549 62498 70a0cfa8 fprintf 62571 70a0cfdf fprintf 62498->62571 62499 70a0caad _errno 62513 70a0cad2 fprintf fprintf fputc fclose 62499->62513 62514 70a0cab7 _errno strerror fprintf 62499->62514 62565 70a0d8dc fprintf 62501->62565 62502->62476 62516 70a0d66a fprintf fprintf fputc fclose 62502->62516 62503 70a0bc7f _errno 62519 70a0d0e5 _errno strerror fprintf 62503->62519 62520 70a0bc8b fprintf fprintf fputc fclose 62503->62520 62506 70a0aad2 strncmp 62524 70a0b3c0 62506->62524 62525 70a0aaf8 strncmp 
62506->62525 62507->62473 62507->62475 62508->62507 62538 70a0d071 strstr 62508->62538 62548 70a0ce25 fputc 62509->62548 62527 70a0ba90 _errno strerror fprintf 62510->62527 62528 70a0baab 8 API calls 62510->62528 62531 70a0ca57 fprintf 62511->62531 62551 70a0cb2f fprintf 62513->62551 62514->62513 62515 70a0bb63 62515->62531 62532 70a0bb6f _errno 62515->62532 62555 70a0d6c7 fprintf 62516->62555 62915 70a04230 7 API calls 62517->62915 62535 70a0b09c 62518->62535 62536 70a0b100 62518->62536 62519->62370 62558 70a0bce8 fprintf 62520->62558 62521 70a0d7d1 _errno 62539 70a0d7d8 _errno strerror fprintf 62521->62539 62521->62581 62522->62652 62523 70a0b975 62541 70a0b981 _errno 62523->62541 62542 70a0c968 fprintf 62523->62542 62903 70a230c0 24 API calls 62524->62903 62545 70a0b5b2 62525->62545 62546 70a0ab18 strncmp 62525->62546 62527->62528 62567 70a0bb20 fprintf 62528->62567 62561 70a0c1c7 62529->62561 62529->62652 62530 70a0b755 62530->62454 62530->62652 62921 70a04230 7 API calls 62530->62921 62531->62581 62552 70a0bb94 fprintf fprintf fputc fclose 62532->62552 62553 70a0bb79 _errno strerror fprintf 62532->62553 62533 70a0cb61 fprintf 62533->62454 62901 70a230c0 24 API calls 62535->62901 62559 70a0b113 62536->62559 62572 70a0c0d3 62536->62572 62538->62507 62560 70a0d08e strstr 62538->62560 62539->62581 62540->62652 62543 70a0cf51 _errno strerror fprintf 62541->62543 62544 70a0b98d fprintf fprintf fputc fclose 62541->62544 62594 70a0c99f 62542->62594 62584 70a0cf71 fprintf 62543->62584 62575 70a0b9f1 fprintf 62544->62575 62905 70a230c0 24 API calls 62545->62905 62564 70a0ab35 strncmp 62546->62564 62546->62684 62548->62471 62899 70a22f50 60 API calls 62549->62899 62550 70a0d98f fprintf 62550->62458 62578 70a0cb41 fputc 62551->62578 62579 70a0bbf1 fprintf 62552->62579 62553->62552 62580 70a0d6d9 fputc 62555->62580 62556 70a0c00a 62556->62350 62569 70a0c016 _errno 62556->62569 62590 70a0bcfa fputc 62558->62590 62559->62594 62683 70a0b0b4 62559->62683 62560->62507 62918 
70a04230 7 API calls 62561->62918 62564->62454 62576 70a0ab52 strchr 62564->62576 62565->62371 62598 70a0bb35 fputc 62567->62598 62585 70a0b258 fprintf fprintf fputc fclose 62569->62585 62586 70a0c01e _errno strerror fprintf 62569->62586 62570 70a0da02 62632 70a0d016 fprintf 62571->62632 62589 70a0c0e8 62572->62589 62572->62652 62574 70a0c1da 62574->62571 62593 70a0c1e6 _errno 62574->62593 62610 70a0ba0a fputc 62575->62610 62595 70a0bc15 62576->62595 62596 70a0ab6d 62576->62596 62577 70a0af88 62577->62410 62599 70a0af90 62577->62599 62578->62581 62615 70a0bc03 fputc 62579->62615 62580->62454 62581->62360 62581->62373 62581->62391 62581->62393 62581->62405 62581->62408 62581->62421 62581->62424 62581->62498 62581->62499 62581->62503 62581->62521 62581->62533 62581->62550 62605 70a0d814 fprintf 62581->62605 62630 70a0d351 _errno 62581->62630 62582->62380 62584->62498 62585->62371 62586->62585 62587 70a0b0bc 62587->62420 62587->62652 62588 70a0c5a9 62588->62652 62922 70a04230 7 API calls 62588->62922 62917 70a04230 7 API calls 62589->62917 62590->62454 62592 70a0b5dc 62606 70a0ba20 62592->62606 62607 70a0b5e7 62592->62607 62608 70a0d4e0 _errno strerror fprintf 62593->62608 62609 70a0c1f4 fprintf fprintf fputc fclose 62593->62609 62611 70a0c9b4 62594->62611 62594->62652 62595->62378 62595->62582 62613 70a0ab7a strchr 62596->62613 62675 70a0c670 strchr 62596->62675 62598->62491 62614 70a0cec5 62599->62614 62599->62652 62600 70a0c428 62600->62370 62618 70a0c434 _errno 62600->62618 62602 70a0c4e2 isxdigit 62602->62588 62602->62668 62605->62581 62612 70a0cbca 62606->62612 62606->62652 62607->62479 62607->62607 62637 70a0b63e strncmp 62607->62637 62638 70a0ac3b 62608->62638 62639 70a0c243 fprintf 62609->62639 62610->62606 62927 70a04230 7 API calls 62611->62927 62928 70a04230 7 API calls 62612->62928 62613->62354 62626 70a0ab97 62613->62626 62931 70a04230 7 API calls 62614->62931 62615->62595 62616 70a0bf00 62616->62652 62913 70a04230 7 API calls 62616->62913 62617 70a0b3ea 
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
Similarity
• API ID: strncmp$free$_errnofprintf$fputc$strchr$atoffclose$_time64getenvstrerror
• String ID: %s$%s,%d,0x%x,$*$*CODE:$*DOMAIN:$*FIXKEY:$*FLAGS:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*TIME:$*VERSION:$Pyarmor$_vax_%s$clickbank$license.c$pyarmor-test-0001$pytransform.log$regnow$shareit
• API String ID: 1877277240-1732257083
• Opcode ID: 9a570d108b4c1940485d56054af62b97a88552214d87f5b669533eeeaac584d2
• Instruction ID: 4ca2713e25435f366b1f3c853fb61ceeec4d996cdf35d709524cd5d8599ec363
• Opcode Fuzzy Hash: 9a570d108b4c1940485d56054af62b97a88552214d87f5b669533eeeaac584d2
• Instruction Fuzzy Hash: BE339C71B2874ADAEB149B21FA1079D23A5BB88BC4F44822ADD0E5736CEF3CE505C751

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • This obfuscated script is obfuscated by old PyArmor, xrefs: 70A0EB4F
                                                                                                                                                                                                                            • <frozen pyarmor>, xrefs: 70A0E6FC
                                                                                                                                                                                                                            • The runtime library doesn't support Super Mode, xrefs: 70A0E961
                                                                                                                                                                                                                            • Loaded module __main__ not found in sys.modules, xrefs: 70A0EB9D
                                                                                                                                                                                                                            • Incompatible core library, xrefs: 70A0EBE9
                                                                                                                                                                                                                            • Python interpreter is debug version, xrefs: 70A0E940
                                                                                                                                                                                                                            • The python version in runtime is different from the build time, xrefs: 70A0E8B1
                                                                                                                                                                                                                            • Got string from code object failed, xrefs: 70A0E7DC, 70A0E9F7
                                                                                                                                                                                                                            • Check the restrict mode of module failed, xrefs: 70A0EB2B
                                                                                                                                                                                                                            • ssO|i, xrefs: 70A0E770
                                                                                                                                                                                                                            • Marshal loads failed, xrefs: 70A0EB79
                                                                                                                                                                                                                            • Restore module failed, xrefs: 70A0EB01
                                                                                                                                                                                                                            • Check restrict mode of module failed, xrefs: 70A0EAD3
                                                                                                                                                                                                                            • NULL code object, xrefs: 70A0EA7B
                                                                                                                                                                                                                            • Enable restrict mode failed, xrefs: 70A0EBC1
                                                                                                                                                                                                                            • Invalid parameter, xrefs: 70A0E910
                                                                                                                                                                                                                            • The runtime library doesn't support Advanced Mode, xrefs: 70A0EA5D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strlenstrncmp
                                                                                                                                                                                                                            • String ID: <frozen pyarmor>$Check restrict mode of module failed$Check the restrict mode of module failed$Enable restrict mode failed$Got string from code object failed$Incompatible core library$Invalid parameter$Loaded module __main__ not found in sys.modules$Marshal loads failed$NULL code object$Python interpreter is debug version$Restore module failed$The python version in runtime is different from the build time$The runtime library doesn't support Advanced Mode$The runtime library doesn't support Super Mode$This obfuscated script is obfuscated by old PyArmor$ssO|i
                                                                                                                                                                                                                            • API String ID: 1310274236-189690365
                                                                                                                                                                                                                            • Opcode ID: de706c7b0686e13caf34838300ca2eb59b35a277f68e4ab34e64101f44a6eaba
                                                                                                                                                                                                                            • Instruction ID: 0aee0237f40bce89063e8129e8596ff9a551f9254ead37a138e556fc0b69fed3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de706c7b0686e13caf34838300ca2eb59b35a277f68e4ab34e64101f44a6eaba
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7ED15E72B0AA09C5EB01CF15FC9035963B5F7A9B88F548626C94E07728EF7CE589E341
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • NtSetInformationThread.NTDLL ref: 70A70940
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InformationThread
                                                                                                                                                                                                                            • String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                                                                            • API String ID: 4046476035-3743287242
                                                                                                                                                                                                                            • Opcode ID: e5a8ab297af3254c8973ab1e1034aa530dc4ab812a2c1580ad32ee085639b3a6
                                                                                                                                                                                                                            • Instruction ID: cdb0693797393069ef7bf62cf4e489569018370bbe9361c0ef7875bb976b5615
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5a8ab297af3254c8973ab1e1034aa530dc4ab812a2c1580ad32ee085639b3a6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAF01535B18A48CAEB609B06FC5034A2360F39CB98F544225DA9D83774EF2CD709CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: mallocmemcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4276657696-0
                                                                                                                                                                                                                            • Opcode ID: 59ec0480ac1d7ffcf86410bb1f68e875519e8c595487042376e28e36e18d3dd9
                                                                                                                                                                                                                            • Instruction ID: 78695baced311355cef1ba5b5531bfe14b6a93d05df77b1a100f4f75cb1eba37
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59ec0480ac1d7ffcf86410bb1f68e875519e8c595487042376e28e36e18d3dd9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D427B71A15A44C6EB35CBA1EC91B7D2724FB89B8AF51E236DA4EC732CCB38D5018345
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$_errno
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$3des$PyArg_ParseTuple$PyBool_FromLong$PyByteArray_AsString$PyBytes_AsString$PyBytes_AsStringAndSize$PyBytes_FromStringAndSize$PyBytes_Size$PyCFunction_Call$PyCFunction_NewEx$PyCell_Set$PyCode_Type$PyDict_Clear$PyDict_Copy$PyDict_GetItemString$PyDict_SetItem$PyDict_SetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Format$PyErr_NoMemory$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyErr_SetString$PyEval_EvalCode$PyEval_EvalFrameEx$PyEval_GetBuiltins$PyEval_GetFrame$PyEval_GetGlobals$PyEval_GetLocals$PyEval_SetProfile$PyEval_SetTrace$PyExc_ImportError$PyExc_RuntimeError$PyFrame_LocalsToFast$PyFrame_Type$PyFunction_Type$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ExecCodeModuleEx$PyImport_GetMagicNumber$PyImport_GetModuleDict$PyImport_ImportModule$PyList_GetItem$PyList_Size$PyLong_AsLong$PyLong_FromLong$PyMarshal_ReadObjectFromString$PyMarshal_WriteObjectToFile$PyMarshal_WriteObjectToString$PyModule_GetDict$PyObject_GetAttrString$PyObject_Print$PyObject_SetAttrString$PyObject_Size$PyObject_Type$PyString_AsStringAndSize$PyString_Format$PyString_FromStringAndSize$PyString_Size$PyString_Type$PySys_GetObject$PySys_SetObject$PyThreadState_Get$PyTuple_GetItem$PyTuple_GetSlice$PyTuple_New$PyTuple_SetItem$PyTuple_Size$PyType_GenericNew$PyUnicodeUCS2_AsUTF8String$PyUnicodeUCS2_Format$PyUnicodeUCS2_FromString$PyUnicodeUCS4_AsUTF8String$PyUnicodeUCS4_Format$PyUnicodeUCS4_FromString$PyUnicode_AsUTF8String$PyUnicode_Fill$PyUnicode_Format$PyUnicode_FromString$PyUnicode_Type$Py_BuildValue$Py_CompileString$Py_CompileStringExFlags$Py_DebugFlag$Py_DecRef$Py_Exit$Py_IncRef$Py_InspectFlag$Py_InteractiveFlag$Py_ReprEnter$_PyEval_EvalFrameDefault$_Py_NoneStruct$_Py_TrueStruct$_pytransform.c$aes$dumps$license.c$license.lic$loads$marshal$pyshield.lic$pytransform.log$sha256$sprng$wrapper.c
                                                                                                                                                                                                                            • API String ID: 1566810575-3086871561
                                                                                                                                                                                                                            • Opcode ID: bd406935070ba2316a5d549f7af733740b896774029f340e28a553630994f88f
                                                                                                                                                                                                                            • Instruction ID: 1be5c78c5f67ae6cdf033322386b53d9bab3f6176190fe4a2954bc2fb93f7283
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd406935070ba2316a5d549f7af733740b896774029f340e28a553630994f88f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AE36BB0B28756E9EB05DB11FD1079C23A5BB49BC4F448226990E1B3A8DF3CF646C356

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 2149 70a0da10-70a0da30 call 70a05fd0 2152 70a0da80-70a0da8f 2149->2152 2153 70a0da32-70a0da64 call 70a0a7b0 2149->2153 2155 70a0daa0-70a0dab9 call 70a04230 2152->2155 2156 70a0da91-70a0da9b _errno 2152->2156 2157 70a0da69-70a0da6f free 2153->2157 2161 70a0db4c-70a0db7e fprintf 2155->2161 2162 70a0dabf-70a0dac5 _errno 2155->2162 2158 70a0da74-70a0da7e 2156->2158 2157->2158 2166 70a0db1a-70a0db47 fprintf fputc 2161->2166 2163 70a0db80-70a0db9b _errno strerror fprintf 2162->2163 2164 70a0dacb-70a0db13 fprintf * 2 fputc fclose 2162->2164 2163->2164 2164->2166 2166->2156
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 70A05FD0: getenv.MSVCRT ref: 70A06066
                                                                                                                                                                                                                            • _errno.MSVCRT ref: 70A0DA91
                                                                                                                                                                                                                              • Part of subcall function 70A0A7B0: strncmp.MSVCRT ref: 70A0A891
                                                                                                                                                                                                                              • Part of subcall function 70A0A7B0: strchr.MSVCRT ref: 70A0A8A2
                                                                                                                                                                                                                            • free.MSVCRT ref: 70A0DA6F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errnofreegetenvstrchrstrncmp
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$license.c$license.lic$product.key$pytransform.log
                                                                                                                                                                                                                            • API String ID: 2166687660-2554675036
                                                                                                                                                                                                                            • Opcode ID: 51b71e4d5f7b9b1f5e99217e4ad8c9ed1310ba067563fa6360d19c9241e2a9c4
                                                                                                                                                                                                                            • Instruction ID: 4efda974a8896be2298d1eee56068094a8eee92e9bc250dad0bd2c1d9548b117
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51b71e4d5f7b9b1f5e99217e4ad8c9ed1310ba067563fa6360d19c9241e2a9c4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A31D471B2836A99EE00AB51F91175D63A1BB49BC4F448236DD0E2776CEF3CF9068346

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 2265 70a04a00-70a04a19 call 70a6fc00 2268 70a04a25-70a04a62 2265->2268 2269 70a04a1b-70a04a23 2265->2269 2269->2268 2270 70a04a63-70a04a7c call 70a04230 2269->2270 2273 70a04b20-70a04b52 fprintf 2270->2273 2274 70a04a82-70a04a90 _errno 2270->2274 2278 70a04ae8-70a04b18 fprintf fputc 2273->2278 2275 70a04b54-70a04b70 _errno strerror fprintf 2274->2275 2276 70a04a96-70a04ae1 fprintf * 2 fputc fclose 2274->2276 2275->2276 2276->2278 2278->2268
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: fprintf$fputc$_errnofclosemallocmemcpy
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$protect.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 1944142573-1235383041
                                                                                                                                                                                                                            • Opcode ID: 6b25d167d664dc9fa20fed712a6307817866af6a7771c36f0bb93a53ba9f0987
                                                                                                                                                                                                                            • Instruction ID: 227b92444954991b52247186106102a6d3bd445ee1a5f0027d7dd83185608cfa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b25d167d664dc9fa20fed712a6307817866af6a7771c36f0bb93a53ba9f0987
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7531B6517182C29EEB119B35B9607AD6B71EF46BC8F088165DE8D0736ADE2CF402C309

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 2153230061-4158440160
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                            • String ID: $@$@
                                                                                                                                                                                                                            • API String ID: 896588047-3743272326
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$strlenstrncmp
                                                                                                                                                                                                                            • String ID: __main__$__mp_main__$__parents_main__$__spec__$frame$obfmode.c
                                                                                                                                                                                                                            • API String ID: 2569063720-2363144754

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1330151763-0
                                                                                                                                                                                                                            • Opcode ID: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                            • Instruction ID: a0bb24525948da5863d04ed0cce3c25b3a0a345fadf0046cac91ad5724bb62da
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07C1A036B24A8286EB10EF78D4902ED7761FB49BA8B914225DE1E977D5CF38D452C320

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC3A40: GetModuleFileNameW.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC3A71
                                                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32 ref: 00007FF7CFBC3747
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC64E0: GetEnvironmentVariableW.KERNEL32(00007FF7CFBC3589), ref: 00007FF7CFBC651A
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC64E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7CFBC6537
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                            • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                            • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                            • Opcode ID: 89440302c6dafa0e0820187f01a887c907dca1407ec206642e55fdacef57d51a
                                                                                                                                                                                                                            • Instruction ID: 2a9340544104033e2b49523910e4892754bd74efe05d542e801ed3afedbb5a7a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89440302c6dafa0e0820187f01a887c907dca1407ec206642e55fdacef57d51a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EB15061A1C6C351FA64BF3199512FFA690BF447A4FD84032EA8D47796EF2CE5058730

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                            • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                            • API String ID: 2030045667-1060636955
                                                                                                                                                                                                                            • Opcode ID: a9bacd6be3711d35ecb69e520e7de468e0dec868e9aee55fa6e056ffc73a1036
                                                                                                                                                                                                                            • Instruction ID: 5e1f8521cb3038377f00478d30317da4f561f290ba06b46f781cea35f9d0b40d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9bacd6be3711d35ecb69e520e7de468e0dec868e9aee55fa6e056ffc73a1036
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7351AD76A086C285EA60BF21E4403FBA291BB847A4FC54136DA4D9B795EF3CE905C730

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 6d76600332cd51621babe51080adacafe0eb3a98da8a3fe18a99b7ec18543619
                                                                                                                                                                                                                            • Instruction ID: 7a65251f18eb8b239324e149ee24de1f14b84793219963a42dd2d8fca65ef1c2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d76600332cd51621babe51080adacafe0eb3a98da8a3fe18a99b7ec18543619
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92C1A122A0C7C741E761AF3594402FAAB62EB80BA4F850132DA4E47799DF7CE8558772

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4144305933-0
                                                                                                                                                                                                                            • Opcode ID: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
                                                                                                                                                                                                                            • Instruction ID: 5f86e8069079fee7fe6057beb3c3adf3b2c6af0962a8014d31e4aef39e8f24fd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85314D21E0C1C386FA28BF75A5613FAE295AF417E4FC44035D64D4B6DBDF6CA8498231
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Thread$ContextCurrent
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 195563550-0
                                                                                                                                                                                                                            • Opcode ID: 28fea4604ca6fef9d06f2ff79cdcf5c43462e4a59386bbe1a7154d01d539f8b1
                                                                                                                                                                                                                            • Instruction ID: 01bc0719a83438bc923d157a8d7d628b96fb459852aa8f2eb93c5b1d9df1b075
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28fea4604ca6fef9d06f2ff79cdcf5c43462e4a59386bbe1a7154d01d539f8b1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D117172618785C6EB608B64F91870FB3E5F3883D4F509629D6C986A9CCFBCC189CB00
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2907017715-0
                                                                                                                                                                                                                            • Opcode ID: 6bc34977209249cb9a8280982b1036741a152119e2b8ccc82b4d09bdf26104ee
                                                                                                                                                                                                                            • Instruction ID: 872c33ebb38d1f922373249c18285820d899062abe51db9e4b277c96a98d3185
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bc34977209249cb9a8280982b1036741a152119e2b8ccc82b4d09bdf26104ee
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC31C432E187C186E650AF31A5002EAB650FB857B4F544335EABC43AD6DF3CE5A18770
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                            • Opcode ID: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                            • Instruction ID: 5dd77de5a0b01910c64abecbfbbe8d0156045000f6af7beb58f7299e8aa29cb8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18E04F24B0578282EB147F35AD953FEA2629F88771F405539D80E8239ACF3DE4888332
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,?,00007FFBAA52831D,?,?,?,?,00007FFBAA554917,?,?,?,00007FFBAA52207B), ref: 00007FFBAA5D9708
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1910047217.00007FFBAA521000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA520000, based on PE: true
• Associated: 00000002.00000002.1910016209.00007FFBAA520000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.1910188529.00007FFBAA66E000.00000004.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.1910217094.00007FFBAA673000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffbaa520000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                            • String ID: gfff
                                                                                                                                                                                                                            • API String ID: 2221118986-1553575800
                                                                                                                                                                                                                            • Opcode ID: baa2ae2d10dfe4d87197a6b89a700d12a14e0d56cec0b4cffeda47b066427b2c
                                                                                                                                                                                                                            • Instruction ID: 0695e63334cffa20cf92a7ec6b613c3a2cc2a55b9a1141c7a6479ccad4ae3287
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: baa2ae2d10dfe4d87197a6b89a700d12a14e0d56cec0b4cffeda47b066427b2c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0F109E0A1B602C5FA5ACB39EC50234329DAF46F40F0825B5DD1E466A4FF3DB4478B65
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 418abc046f0238a7e4161840f51ccb75892871292d6ebbe86ace378d7f50b21f
                                                                                                                                                                                                                            • Instruction ID: 8df74176832c4cee26854a1e2186feb4d3d36145464fc8e54286dca5aff3b82a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 418abc046f0238a7e4161840f51ccb75892871292d6ebbe86ace378d7f50b21f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF51E561B086D546F628AE79A4006FBE691BF50BB4F844231ED6D577C9CF3CF4018630
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(?,?,?,00007FF7CFBD77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707), ref: 00007FF7CFBD6B00
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7CFBD77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707), ref: 00007FF7CFBD6B0A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                                                            • Opcode ID: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                                                            • Instruction ID: 714a0f08eb54e9532366361c5d632e106cfef9a75c38c48d785e813089eb6a4a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C301A161B18AC241EA14AF35A8451BAA261AF44BF0B944332EA7E477D9DF3CD4518331
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FF7CFBD5A57,?,?,00000000,00007FF7CFBD5AFF,?,?,?,?,?,?,00007FF7CFBCC892), ref: 00007FF7CFBD5B8A
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7CFBD5A57,?,?,00000000,00007FF7CFBD5AFF,?,?,?,?,?,?,00007FF7CFBCC892), ref: 00007FF7CFBD5B94
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                                                            • Opcode ID: 482a02ddfad1f0d1748aaf476af5d25a2817b8fdf229cc618c88afa72f650b78
                                                                                                                                                                                                                            • Instruction ID: 00c4dcba95ab5d11c7367e744135c1d4cad19d714b8f2a86915357c47001b548
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 482a02ddfad1f0d1748aaf476af5d25a2817b8fdf229cc618c88afa72f650b78
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71118425B096C641FE647F7096913FD92825F447B4FD40637DA2E462CADF6CA4444232
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,00007FFBAA5D984B,?,?,?,?,00007FFBAA52831D,?,?,?,?,00007FFBAA554917), ref: 00007FFBAA52F4E8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1910047217.00007FFBAA521000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA520000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1910016209.00007FFBAA520000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1910148337.00007FFBAA642000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1910188529.00007FFBAA66E000.00000004.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1910217094.00007FFBAA673000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffbaa520000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 31276548-0
                                                                                                                                                                                                                            • Opcode ID: 4101df5f3c09264584a76a1059df5c30a4529edce02f8e79a551b869eee91f16
                                                                                                                                                                                                                            • Instruction ID: 7f82e0075ef20c1c4ba94cd33cdd519d95227e6e31eae01b1b2f0ac45223a9e4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4101df5f3c09264584a76a1059df5c30a4529edce02f8e79a551b869eee91f16
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7A12CA1A1B702C1FE5A8BB9F960234329CBF56F44F1415B5CD0D462A0EF7CF46B8A64
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: c5dd71678ec1c3fccfd7b12bb33d50ac5b5a91bc82f8ec354b455621dbb7ad32
                                                                                                                                                                                                                            • Instruction ID: 7fbc918fcab0fc1aa03f230cc9eaf7b48c74843eb3c8014d43b4141a812c5728
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5dd71678ec1c3fccfd7b12bb33d50ac5b5a91bc82f8ec354b455621dbb7ad32
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC41E932A1828287EA14AF28D6402BCB7B1FB44764F840133DB4D87799CF6DE462C772
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 18b213fde59874ac87f85e5de4d39c2b719f2023920e8f19be70c6083ce6ebcb
                                                                                                                                                                                                                            • Instruction ID: 53789a649be6504d683b0a8881691b299e2bc5e60ab0bf1183fade08cf82e738
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18b213fde59874ac87f85e5de4d39c2b719f2023920e8f19be70c6083ce6ebcb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00319F22A08A8781EA10AF3595443F9A7949F41FF4FA84133CA1D0779ADF6CE8458372
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                                                            • Opcode ID: b56868ccbfe1db70a7cb4a4678a42f933a1ba7f1c77b940196a708d6758468b2
                                                                                                                                                                                                                            • Instruction ID: e514818c475fa7f8f9a4a2e3b00c4c6902b8d2a575653b0e5de27f1ac36bc4dc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b56868ccbfe1db70a7cb4a4678a42f933a1ba7f1c77b940196a708d6758468b2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD214C21B182D352EA14AF2295147FBA666BF45BE4FC84431DE0C57786CF3CE4068334
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: fc9ed733c9531663f2a1fa64f5afa218c335b2449458d7cf86e62dd5dbc485b9
                                                                                                                                                                                                                            • Instruction ID: e99666d66b016ce3896d1d6abbcd654cb5dae6578920fc55ea96f510b99eaaf6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc9ed733c9531663f2a1fa64f5afa218c335b2449458d7cf86e62dd5dbc485b9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D319521A0868285E7157F7994413FEA661AF40BB0FC10136EA1D037D6CFBCE4418732
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 1c1c2126216073ca25d245121089a136ff3a7aa371bcd7b64ec763e68947bfc6
                                                                                                                                                                                                                            • Instruction ID: c97efb5ccd24df582bffee841b0569b9bc9d9152918e0ac288bd6840518787f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c1c2126216073ca25d245121089a136ff3a7aa371bcd7b64ec763e68947bfc6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5821A122B086C345E7097F31A8413BEA661AB40BB0F958636EE6D077D6CF7CE4418731
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 6a0c664ea0f4c756350c608c231ff57430cf4264c82a4fdbd8aab7f477704700
                                                                                                                                                                                                                            • Instruction ID: 7138ac406e9babbb44801e84a499684b148a4e7c92125ff21149f0499eb7de16
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a0c664ea0f4c756350c608c231ff57430cf4264c82a4fdbd8aab7f477704700
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5115125A1D6C181EA60BF6194002FEE264BF84BE4F984433EA4D47A9ECF7DE4408772
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
                                                                                                                                                                                                                            • Instruction ID: 528ac6b0873f0c3723121cbe3531647a57b924a00119506d84ed9ccfc88dccf6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C218772618AC587EB61AF38E4403B9B6A1FB84BE4F984235E75D476D9DF3CD4408B20
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3947729631-0
                                                                                                                                                                                                                            • Opcode ID: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                                                            • Instruction ID: fb9b54cb84ea12826d87f1c7097657ff363763656140d2d07dda5b3f25a635d3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D215E32E05B81CAEB15AF78D4442ECB7B4EB44728FC4453AD60D43A89DF38D585CBA1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7CFBC2E7E), ref: 00007FF7CFBC6CC3
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2592636585-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF7CFBD86BD,?,?,00000000,00007FF7CFBCFC79,?,?,?,?,00007FF7CFBD59F1), ref: 00007FF7CFBD95A5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                                                            • Opcode ID: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                            • Instruction ID: ca97f63084513e984ec51c2dfea4e4dfdab7f7c1460576c7139418245a880b4f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48F08C90B0D7C781FE683F7269406F5D2805F88BB0FA80332DD2E866C9DF2CA4418232
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                                                                            • Opcode ID: 11926e8aac614788481d86786482c1512f2f894a64f86faaff5e2741f2eeb34b
                                                                                                                                                                                                                            • Instruction ID: 9e8e68cd071f58dd3d494a028eae8bd57b5eb3cf435511a16bc6720ebf6707ed
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 11926e8aac614788481d86786482c1512f2f894a64f86faaff5e2741f2eeb34b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5C08CA6B13A00C1FF0A5BA2FC623382220AB5CF05F189110CE0E46304CB2C80908301
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                            • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                            • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                            • Opcode ID: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                                                            • Instruction ID: b4f04e2b0f4736ad26da42981e340b3ffc85027acf3f03c073c47cca4fca37c9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56A16976218BC187E7149F21E59479AB770F788BA0F90412AEB8D47B24CF7DE164CB60
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                                                            • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                                                            • API String ID: 2355516209-72258043
                                                                                                                                                                                                                            • Opcode ID: c46139a651565a537a26ae49c0ef5d3c068ea7cb58dc9807431f723c5a7c1a3e
                                                                                                                                                                                                                            • Instruction ID: 9dac0609806135c3308a367260ad570ebac124ab385acaec6edb51da7337f25a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c46139a651565a537a26ae49c0ef5d3c068ea7cb58dc9807431f723c5a7c1a3e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A514772718A8095E701CB22F84435FBBA6BBC5795F448235EE9A87B9CDB7CC509C740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                                                                            • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                                                                            • API String ID: 2525729555-3762154145
                                                                                                                                                                                                                            • Opcode ID: 5bec18a9c7578fe2ec0224cbb84f8722a9f82902861a66ec4bcf88b42fc9b169
                                                                                                                                                                                                                            • Instruction ID: 422e7d945204d27204d2d6b6afd15af86af9bc0835e01cac6feafe0ac117ae3d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bec18a9c7578fe2ec0224cbb84f8722a9f82902861a66ec4bcf88b42fc9b169
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9731263270868482E721CB66E94435EA6B6B78DBD0FA14525DE4A43328EF7DDD46C340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 70A225B7
                                                                                                                                                                                                                            • Too small size, xrefs: 70A22680
                                                                                                                                                                                                                            • platforms/windows/hdinfo.c, xrefs: 70A22687
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$Process$AdaptersAddressesFree$Alloc
                                                                                                                                                                                                                            • String ID: %02x:%02x:%02x:%02x:%02x:%02x$Too small size$platforms/windows/hdinfo.c
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1910047217.00007FFBAA521000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA520000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffbaa520000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcmpmemcpy
                                                                                                                                                                                                                            • String ID: %s mode not allowed: %s$access$cach$cache$file$invalid uri authority: %.*s$localhos$mode$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$Process$Free$AdaptersAddressesAllocmemcpy
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,00000000,?,00007FF7CFBC629D), ref: 00007FF7CFBC636A
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC64E0: GetEnvironmentVariableW.KERNEL32(00007FF7CFBC3589), ref: 00007FF7CFBC651A
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC64E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7CFBC6537
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD1D4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD1D65
                                                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7CFBC6421
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2760: MessageBoxW.USER32 ref: 00007FF7CFBC2831
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 435049134-0
                                                                                                                                                                                                                            • Opcode ID: 2ad49692c65a9643aff4bf0dd6164fb5e4ae0d0b7e62790cc916ec93dee904d3
                                                                                                                                                                                                                            • Instruction ID: 64556f7b9265993629f894aab7b3c0bd33b3571db0ff3e60487398c19147f943
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ad49692c65a9643aff4bf0dd6164fb5e4ae0d0b7e62790cc916ec93dee904d3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21B1A326B0828286E724FF32D5416FAE761AF847E4F849136EE4D4769ADF3CE4418770
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                                                            • Opcode ID: 70381fada3c5ae93ba7192b4a4a2bb5ed24ec96e14593e64572d2cabae56ca17
                                                                                                                                                                                                                            • Instruction ID: 7fec8dbc0b2778a09242f7d5fb83c630a6c6e99311330361d204ea49f79298e6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70381fada3c5ae93ba7192b4a4a2bb5ed24ec96e14593e64572d2cabae56ca17
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24A1A3A2A196D141EA50EF7698006FAE3A4FB44BB4F844236EE5D47B88DF3CE4458731
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                                            • Opcode ID: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
                                                                                                                                                                                                                            • Instruction ID: 193aec7c59da23e19b8d03b1190d52b3badfdd0368a658de96e51d3d5b32bd5b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80315F32618BC186DB649F35E8402EEB7A4FB88764F940136EA9D47B59DF3CC1558B20
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1443284424-0
                                                                                                                                                                                                                            • Opcode ID: 0a19410c419814db5db070c5d12a1b78bfb040d79319ef459e0b6fcfc05cf743
                                                                                                                                                                                                                            • Instruction ID: a6ce8d82e5cc0702c01f49aafe5b27bd0c76f7988f87c3e6f61652e1fc199c32
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a19410c419814db5db070c5d12a1b78bfb040d79319ef459e0b6fcfc05cf743
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15E1FF62B08AC19AE700DF74D0401EDBBB1FB457A8FA44126EE4E57B99DF38D416C721
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: freememcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3223336191-0
                                                                                                                                                                                                                            • Opcode ID: f287b2072ea6946470282008087b7e23b302a66463c7ec6cfb87f24ad3a9771a
                                                                                                                                                                                                                            • Instruction ID: 9a4f6bea6cfa91a9d34f553a13e8b3e30332e99cf9a49840e3e47333482b29e8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f287b2072ea6946470282008087b7e23b302a66463c7ec6cfb87f24ad3a9771a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F45144B2B142448AE710CF25FD4179EB3A0FB85BD4F584526EE0A97B68EB3CD941CB00
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: in != NULL$out != NULL$outlen != NULL$src/misc/base64/base64_decode.c
                                                                                                                                                                                                                            • API String ID: 0-942433653
                                                                                                                                                                                                                            • Opcode ID: b2558993aaca83f820dfd5d65f1f5451e7e216c40fc5bdb80812e44ec83140e8
                                                                                                                                                                                                                            • Instruction ID: c220ff7af34c8ff94be0288ed6175b2c1fec263ddb90f7bceb27053363a4f9c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2558993aaca83f820dfd5d65f1f5451e7e216c40fc5bdb80812e44ec83140e8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD927A7392C7C887D3078E24A86436E7A22A3D9357F898235EF070739AE279DE55C351
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$FreeHeapInformationTimeZone
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 428190724-0
                                                                                                                                                                                                                            • Opcode ID: 76810fb177e4db148eeb30994ff645ccd78b16a1d3bce7f3da4ec91dfb23b20f
                                                                                                                                                                                                                            • Instruction ID: 415dddcc7ce1a2d62f63037a26d0fcbc73a13e7b5df11f150d8320547f606000
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76810fb177e4db148eeb30994ff645ccd78b16a1d3bce7f3da4ec91dfb23b20f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46615E36A1868286E724FF31E9815E9E760FF487A4FC45136EA4D4369ADF3CE4018770
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                            • Opcode ID: 0c884086102c4b45e394e5883d44db676d981fc4a610e566de8c3fbbb4b0ead5
                                                                                                                                                                                                                            • Instruction ID: 72539797101189e12fdaeebb1696489a205d3680ce16e173a651a28aaae7eb52
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c884086102c4b45e394e5883d44db676d981fc4a610e566de8c3fbbb4b0ead5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C591A326E0829246E724BF35D4403FAAB91EF80BF4F948132EA4C47A99DF3CD4518771
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2622297391-0
                                                                                                                                                                                                                            • Opcode ID: 2a2f169c2492fb064d1481e1af4fe86063d5418802fbd42ad2118c2487268f2e
                                                                                                                                                                                                                            • Instruction ID: b95bca28cee1b9da50b6bbd39b323721e2f1490902f3cf501d192141c67d9567
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a2f169c2492fb064d1481e1af4fe86063d5418802fbd42ad2118c2487268f2e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A01A7B0B1650882EF219722B91975976A26B58BD9F048B35DD1F5B79CFA2CD1808704
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 6dcaf8fd64b617dabc31471acd41cdaa2cab49e32dd27873edbdb04a6837cf38
                                                                                                                                                                                                                            • Instruction ID: a617565d58accae0b82bea1d9ba64370edf8ce81b1a8690ee9e5b021d4ddefa3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dcaf8fd64b617dabc31471acd41cdaa2cab49e32dd27873edbdb04a6837cf38
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34111CB2629240CFE3909F09E88471FBAA0E384754F10A125F29BCB7A9D7BCC944CF40
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: f8f28ae1c5064edc36197fd34b3ce5f7242c7bbb5603eefa84972cc96b68dc4d
                                                                                                                                                                                                                            • Instruction ID: 34606f23dd9d3d4484ea9bcdbfd089a0ab4ae144ae20c1db2dc4584714c2230b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8f28ae1c5064edc36197fd34b3ce5f7242c7bbb5603eefa84972cc96b68dc4d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31E0E28754F7C11FD3139A612D6945C2FB0959382638EC4CB93D6D33C3E48C9D0A9362
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 533735a4a28587e845d51ccf6f437f6309159605a2190b9999f3042bc5225e52
                                                                                                                                                                                                                            • Instruction ID: a8bed45dd2439d82ce79edd4bca28bfd6655de8d8327e2ab9feb000468135ed3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 533735a4a28587e845d51ccf6f437f6309159605a2190b9999f3042bc5225e52
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8E0098750F7C10FD313AA602C6909C2FB095E382638A84C793D6C3387A08C9E0A8362
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: ac40e019d58a0c8a6d2e60b37acb6e883139a37a08886f7a3fce5995dc9093e5
                                                                                                                                                                                                                            • Instruction ID: d66ceeccb73a0fe90cd539911f9be0d1bf2680dd2cf2158524c074bba840bba3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac40e019d58a0c8a6d2e60b37acb6e883139a37a08886f7a3fce5995dc9093e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
• String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                            • API String ID: 190572456-139387903
                                                                                                                                                                                                                            • Opcode ID: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                                                            • Instruction ID: b7a9acd98fde7781c357d810a8d9ecdd6b0d1c5d42b8635c8ca1db07781251e4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4329468A19B8390FA55BF74A8502F9A3B2BF05774BE45435C80E06664EF7DFA58C230
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                            • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$fprintfstrerror$fclosefputc$fwrite
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$_pytransform.c$inbuf$pytransform.log
                                                                                                                                                                                                                            • API String ID: 3108438096-3708888661
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$fprintf$fclosefputc$freefseekmallocstrrchr
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$.pye$__file__$__main__$_pytransform.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 1013380922-457461209
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$fprintf$fclosefputc$freadfreemalloc
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 957815278-2792274189
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A231DE
                                                                                                                                                                                                                              • Part of subcall function 70A22E60: strlen.MSVCRT ref: 70A22E83
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23217
                                                                                                                                                                                                                            • fputc.MSVCRT ref: 70A23249
                                                                                                                                                                                                                              • Part of subcall function 70A22540: GetAdaptersAddresses.IPHLPAPI ref: 70A22571
                                                                                                                                                                                                                              • Part of subcall function 70A22540: GetProcessHeap.KERNEL32 ref: 70A225ED
                                                                                                                                                                                                                              • Part of subcall function 70A22540: HeapFree.KERNEL32 ref: 70A225F7
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23278
                                                                                                                                                                                                                              • Part of subcall function 70A22360: GetProcessHeap.KERNEL32 ref: 70A223B3
                                                                                                                                                                                                                              • Part of subcall function 70A22360: HeapFree.KERNEL32 ref: 70A223BD
                                                                                                                                                                                                                            • fputc.MSVCRT ref: 70A232A2
                                                                                                                                                                                                                              • Part of subcall function 70A226B0: GetAdaptersAddresses.IPHLPAPI ref: 70A226E4
                                                                                                                                                                                                                              • Part of subcall function 70A226B0: inet_ntoa.WS2_32 ref: 70A22725
                                                                                                                                                                                                                              • Part of subcall function 70A226B0: GetProcessHeap.KERNEL32 ref: 70A22740
                                                                                                                                                                                                                              • Part of subcall function 70A226B0: HeapFree.KERNEL32 ref: 70A2274A
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A232D1
                                                                                                                                                                                                                            • fputc.MSVCRT ref: 70A232E5
                                                                                                                                                                                                                              • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22AAB
                                                                                                                                                                                                                              • Part of subcall function 70A22A90: HeapAlloc.KERNEL32 ref: 70A22ABF
                                                                                                                                                                                                                              • Part of subcall function 70A22A90: GetNetworkParams.IPHLPAPI ref: 70A22AF7
                                                                                                                                                                                                                              • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22B19
                                                                                                                                                                                                                              • Part of subcall function 70A22A90: HeapFree.KERNEL32 ref: 70A22B23
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23314
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23335
                                                                                                                                                                                                                            • strchr.MSVCRT ref: 70A2335B
                                                                                                                                                                                                                            • fputc.MSVCRT ref: 70A23372
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23393
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A233BB
                                                                                                                                                                                                                            • strchr.MSVCRT ref: 70A233C8
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A233E9
                                                                                                                                                                                                                            • fputc.MSVCRT ref: 70A2340C
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A2342D
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A2346D
                                                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23497
                                                                                                                                                                                                                            • fputc.MSVCRT ref: 70A234B8
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23507
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23528
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23549
                                                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A2356A
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • Failed to get domain name., xrefs: 70A23555
                                                                                                                                                                                                                            • %02x, xrefs: 70A2348A
                                                                                                                                                                                                                            • "%s", xrefs: 70A2339D, 70A233DC
                                                                                                                                                                                                                            • Ip address: "%s", xrefs: 70A232C4
                                                                                                                                                                                                                            • Failed to get ip address., xrefs: 70A23534
                                                                                                                                                                                                                            • %02x:, xrefs: 70A233FB
                                                                                                                                                                                                                            • Multiple Mac addresses: "<, xrefs: 70A23418
                                                                                                                                                                                                                            • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 70A23320
                                                                                                                                                                                                                            • Serial number with disk name: , xrefs: 70A2337E
                                                                                                                                                                                                                            • Hardware informations got by PyArmor:, xrefs: 70A231C6
                                                                                                                                                                                                                            • Default Mac address: "%s", xrefs: 70A2326B
                                                                                                                                                                                                                            • Serial number of default harddisk: "%s", xrefs: 70A2320A
                                                                                                                                                                                                                            • Failed to get mac address., xrefs: 70A23513
                                                                                                                                                                                                                            • Failed to get harddisk information., xrefs: 70A234F2
                                                                                                                                                                                                                            • >", xrefs: 70A234C7
                                                                                                                                                                                                                            • Domain name: "%s", xrefs: 70A23307
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$fprintffwrite$fputc$Process$Free$AdaptersAddressesstrchr$AllocNetworkParamsinet_ntoastrlen
                                                                                                                                                                                                                            • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                                                            • API String ID: 340787292-3771683696
                                                                                                                                                                                                                            • Opcode ID: 4f0036276bffa3d41c5d3d26c5b67faaa73ba1aac2b26e1b3d4ab6aca2ebdaff
                                                                                                                                                                                                                            • Instruction ID: 7cf4ec60d40abed6019bb084c384aeaba2cfdcb1448b9c6858b5220a9006991e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f0036276bffa3d41c5d3d26c5b67faaa73ba1aac2b26e1b3d4ab6aca2ebdaff
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED812611B1125089FB04B772FA257AE1686DBCA7D4F40823A9E0E4B3DDDE3DE64AD301
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: fprintf$_errno$strerror$fputc$fclose$_time64atoffreestrlenstrstr
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$*TIME:$license.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 3204063161-4277730492
                                                                                                                                                                                                                            • Opcode ID: faf6224cf5504a5dc3bdeec8719ec7e14373f6519121fe5dacfce3a51b4c7c48
                                                                                                                                                                                                                            • Instruction ID: 8595db075d6df9c7eea7435ccaa43dce6ff5ccab33650ea862acd363185379a8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: faf6224cf5504a5dc3bdeec8719ec7e14373f6519121fe5dacfce3a51b4c7c48
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC81D660B29752CAEB059B21ED6035D23B6BF89BD4F488226DD0E173A8DF3CF5468305
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errnomalloc
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$j > 0$protect.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 2517923351-3883256839
                                                                                                                                                                                                                            • Opcode ID: 4dc5b47ff0a49c269b6afca5914f8bfce4e5eee51c9dfa44d84ba538c194f108
                                                                                                                                                                                                                            • Instruction ID: 55dd092c6d83b911cf73404e1139f6c4e33ecaefa4e62a000ee96560add7c6c3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4dc5b47ff0a49c269b6afca5914f8bfce4e5eee51c9dfa44d84ba538c194f108
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9781C761B187529AEA059B22E96075D33A2BF89BC0F48813ADD0D9736CDF7CF542C316
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$freemalloc
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$key != NULL$protect.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 1860011666-3885171557
                                                                                                                                                                                                                            • Opcode ID: bbcf7c7fd9569376295fae52137a17359815d18f0db1218fca529e742af67685
                                                                                                                                                                                                                            • Instruction ID: c03905c545f92f074beef446a159d5fa843e1a1206fd094a7418e84a7fa833e4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bbcf7c7fd9569376295fae52137a17359815d18f0db1218fca529e742af67685
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1171B360B19756D9EA04DB12FE2176D23A2BF99BC0F48813A9D0E17369EF3CF5018356
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$freemallocstrerror
                                                                                                                                                                                                                            • String ID: (OOO)$+F7unNMN$04U5w91r$3fvNMf9L$41qM08fu$4mLks8EO$Ew==$HERhc2hp$IFB5c2hp$IoHvpCe3$RbgIUXyw$S8tSMMR7$UeQH2iY/$Wrap result failed$Xa2Z/Fdw$ZWxkIFBy$aGQGvX/a$b2plY3Ql$bmdzb2Z0$cDxn1XUJ$ej7tPRL6$fSis3Gx0$k6W630PQ$nc/WZrlr$oFj2UIkE$oVCzhcbp$p5dyeOAr$qNGCrKem$thDV3x4e
                                                                                                                                                                                                                            • API String ID: 2349789213-1418605665
                                                                                                                                                                                                                            • Opcode ID: 0fee515c2a46785967a36dd75a646779e35ac0a2a748732f6da08942a3a7403e
                                                                                                                                                                                                                            • Instruction ID: 5316948da58dd5794ceb892ee4ff2ca9e69d6702223bda214d2d31568315f3cb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fee515c2a46785967a36dd75a646779e35ac0a2a748732f6da08942a3a7403e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31B14776606B8889DBA4CF26B85078E77E9F788BC4F54812ACE8D57718EF38D461C740
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: fprintf$_errno$fputc$fclose$strerror
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                                                            • API String ID: 1803879104-71371975
                                                                                                                                                                                                                            • Opcode ID: 20dcfba8a94d0e5a4fff0f7e55a851bd5c6febb8109d1cf4ea1b1cfe96a2dc5e
                                                                                                                                                                                                                            • Instruction ID: 7d177adf98675eb4246874fd312f1518b6594a3db155ca6cce61103b930204b0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20dcfba8a94d0e5a4fff0f7e55a851bd5c6febb8109d1cf4ea1b1cfe96a2dc5e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B871B2A0B29756D9EA049B12FE2075C2362BF89BC1F44822ACD0E17368EF7CF505C346
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$free$mallocstrerrorstrlen$fclosefseek
                                                                                                                                                                                                                            • String ID: Decode trial license failed$Format trial license file '%s'$Get current time failed$Invalid trial license file, size is %d != 256$Read trial license file '%s'$license.lic
                                                                                                                                                                                                                            • API String ID: 1618752535-3017380149
                                                                                                                                                                                                                            • Opcode ID: 2e7c6826e0a84d7a199170a70eca3f25cfc09e2a3f359b4f6f4a0f40bbf4d04c
                                                                                                                                                                                                                            • Instruction ID: f9efaae0ce4471f16573380e206ccd876ca8f946db78b68186592aed2f550434
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e7c6826e0a84d7a199170a70eca3f25cfc09e2a3f359b4f6f4a0f40bbf4d04c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C7111717096468ADB01CB24F9113AD63B6BBD4784F948225EA4E437ACEF7CE586C310
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                                                            • API String ID: 775964473-71371975
                                                                                                                                                                                                                            • Opcode ID: e7ab8194e584fdf7d85ececd62a9fc5343cf40ce71b57fd71a0ca48bfd3d6d37
                                                                                                                                                                                                                            • Instruction ID: 1cdb47f36d0b956a4b36afd2b9fcb31c1dcd5330a107a72d424494effbad33fe
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7ab8194e584fdf7d85ececd62a9fc5343cf40ce71b57fd71a0ca48bfd3d6d37
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A5173A0B29756D9EA049B51FE2475D23A5BB88BC1F44822ADD0D1B36CEF7CF505C312
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$strerrorstrlen
                                                                                                                                                                                                                            • String ID: %c%c%c%s$%c%s$%s%s$Could not generate license in trial version$Dashingsoft Pyshield Project$Encode buffer failed$Import rsa key failed$Sign hash failed$The size of serial number %d > 2048$The total size of serial number %d > 2560
                                                                                                                                                                                                                            • API String ID: 427076510-1296519401
                                                                                                                                                                                                                            • Opcode ID: 679a87fe3903baab6a36d49d4dfe7abb6cab9c4beaac5ff2b8fbbb24b3a171bd
                                                                                                                                                                                                                            • Instruction ID: c1ecf48a3e836738f53b425fc0cca469055a19763858c4841e435463825440bb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 679a87fe3903baab6a36d49d4dfe7abb6cab9c4beaac5ff2b8fbbb24b3a171bd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25C13A72A09B818AE720CB51F95078EB3A5F7C8784F944126EA8D93B6CEF3CD545CB40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$fclosefreadstrerror
                                                                                                                                                                                                                            • String ID: Encode moudle key failed$Invalid public key %s$Open public key %s failed$Wrap result failed$Write output %s failed
                                                                                                                                                                                                                            • API String ID: 1423157237-2416068227
                                                                                                                                                                                                                            • Opcode ID: fc8263cf471056167a99d615c964ff8a8536502a1d140b0da7b445b64efe0c6d
                                                                                                                                                                                                                            • Instruction ID: af059605efeb0241d670f754cc7be9cffb2ff31e841a2f17d9d8403a44a8109b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc8263cf471056167a99d615c964ff8a8536502a1d140b0da7b445b64efe0c6d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5551CD62B1974695EB01DF51FE1039E23A4BB89BC4F844526EE0E13768EF3CE686C350
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 70A04900: fseek.MSVCRT ref: 70A04954
                                                                                                                                                                                                                              • Part of subcall function 70A04900: malloc.MSVCRT ref: 70A0496E
                                                                                                                                                                                                                              • Part of subcall function 70A04900: fclose.MSVCRT ref: 70A049A3
                                                                                                                                                                                                                            • _errno.MSVCRT ref: 70A0EC60
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errnofclosefseekmalloc
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$pytransform.log$utils.c
                                                                                                                                                                                                                            • API String ID: 882899668-4272501623
                                                                                                                                                                                                                            • Opcode ID: 17223cea7ad90b7dd39b25babe2557fc61845b7a460a3b87b77de20574d3a215
                                                                                                                                                                                                                            • Instruction ID: c994ccc21fe8a1525a6cf9883ed7ae1ae7d774de7e677e36598178200c0b8333
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17223cea7ad90b7dd39b25babe2557fc61845b7a460a3b87b77de20574d3a215
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C41A261B25309D9EA01DB52FE5176D23A1BF98BC4F48822A9D0D573A8EF3CF541C346
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _strdup$fclosefprintf
                                                                                                                                                                                                                            • String ID: __armor%s__$__armor__$__armor_enter%s__$__armor_enter__$__armor_exit%s__$__armor_exit__$__armor_wrap%s__$__armor_wrap__$__pyarmor%s__$__pyarmor__$little$pytransform.log
                                                                                                                                                                                                                            • API String ID: 2840409039-221964360
                                                                                                                                                                                                                            • Opcode ID: 06d010830221482c768ac7b0fa081fda18851481fa646e867f0ad123cb5477fe
                                                                                                                                                                                                                            • Instruction ID: cf7dd6fc3acd19488ec7e0a1a9cafba60ce81224ccb3585ee8bbba285c7d896b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06d010830221482c768ac7b0fa081fda18851481fa646e867f0ad123cb5477fe
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6051F561B19703D9FB118B61ED903AD2265BB487D4F84413ADD0E573A8DB3CFA85C352
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno$fprintf$fclosestrerror
                                                                                                                                                                                                                            • String ID: %s$%s,%d,%s$pytransform.log
                                                                                                                                                                                                                            • API String ID: 190382524-2823618119
                                                                                                                                                                                                                            • Opcode ID: b22ec3faffb8614a653549c7a7985012044751e5084476f5063c17f1ebe97a3e
                                                                                                                                                                                                                            • Instruction ID: b9c01ddd65afedd37a15345b8641c362f76c206aa8fef2bddf784dedc046aace
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b22ec3faffb8614a653549c7a7985012044751e5084476f5063c17f1ebe97a3e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF319C7172560299EA14AB12FD20F6C33A1BB89BC0F988139AE0D57368DF7CF944C746
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$malloc$memcpy$memset
                                                                                                                                                                                                                            • String ID: msghash != NULL$out != NULL$outlen != NULL$src/pk/pkcs1/pkcs_1_pss_encode.c
                                                                                                                                                                                                                            • API String ID: 4204908464-4182795421
                                                                                                                                                                                                                            • Opcode ID: 246829c954663de402a40489624608250503bf7e8efb20bb563f719af14e4b26
                                                                                                                                                                                                                            • Instruction ID: 4243c5bb510a087f98c806dc7c414c84c0a9d4a0b9317dfa1883d90e73cbfc26
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 246829c954663de402a40489624608250503bf7e8efb20bb563f719af14e4b26
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3891C0B271868586DB20DB16E85476EB7A4FB8ABC4F804115EE4F87B2CDF39D449CB40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _errno
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 2918714741-2792274189
                                                                                                                                                                                                                            • Opcode ID: a49f028bb9a30a372b869685540c965747e360c22203631066ca679595dc5414
                                                                                                                                                                                                                            • Instruction ID: 3601f3991b782de414de29dcdf14ec6cd06a89726ba2ae3ffe100f171e95f696
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a49f028bb9a30a372b869685540c965747e360c22203631066ca679595dc5414
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F419A61B2875696EB00DB12F85075D67B5BB88BC4F448226DE4E07768EF3CE942C342
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: fprintf$_errno$fputc$fclosefreestrerror
                                                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$license.c$pytransform.log
                                                                                                                                                                                                                            • API String ID: 1153345444-4157288542
                                                                                                                                                                                                                            • Opcode ID: 097ec7dd370eb698f9119ff41cd353b68bad721531049dad760ca4dca8806718
                                                                                                                                                                                                                            • Instruction ID: 8be9686ff7d9a37a59bda575aba7502b5f65a14094e2ce4ebadaadcb2ccd9ab4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 097ec7dd370eb698f9119ff41cd353b68bad721531049dad760ca4dca8806718
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85318460B19716DAEB059B21EE1175C23A5BB88BC0F44822ADD0E5B7ACEF3CF545C312
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileMessageModuleName_snwprintfmalloc
                                                                                                                                                                                                                            • String ID: %ws$<unknown>$Assertion failed!Program: %wsFile: %ws, Line %uExpression: %ws$MinGW Runtime Assertion$j > 0$protect.c
                                                                                                                                                                                                                            • API String ID: 2604804178-2804858100
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpy$calloc$qsort
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3784193592-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: callocfree
                                                                                                                                                                                                                            • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                                                            • API String ID: 306872129-190324370
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$memcmp$malloc
                                                                                                                                                                                                                            • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                                                            • API String ID: 2896619906-237625700
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                            • API String ID: 0-666925554
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                            • API String ID: 4998090-2855260032
                                                                                                                                                                                                                            • Opcode ID: dc76126c835db98321b49172510b1caac6cf202960df20c733dcbb0845c1114c
                                                                                                                                                                                                                            • Instruction ID: 22b860299151b9d5b7709c5e05330158a448e5c8fa9ce6a41bbac2c924c5ea6c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc76126c835db98321b49172510b1caac6cf202960df20c733dcbb0845c1114c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46415E316186C282EB50AF71E8547EAA361FF847B4F940231EA5E86699DF7CE448C770
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,?,?,?,?,?,70A01278), ref: 70A954DD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • Unknown pseudo relocation protocol version %d., xrefs: 70A9565E
                                                                                                                                                                                                                            • Unknown pseudo relocation bit size %d., xrefs: 70A9564A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                            • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                                                            • API String ID: 544645111-395989641
                                                                                                                                                                                                                            • Opcode ID: 339c15d006511560339925f517702310dc680788fc153389e1eef27aa90dbf79
                                                                                                                                                                                                                            • Instruction ID: c2c6cd297b62b67af0e8b0a24ea547c163ad2cc1381ce71c66efa484693f7156
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 339c15d006511560339925f517702310dc680788fc153389e1eef27aa90dbf79
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0915C71B301408AEF1587B6D98274D63E3FB487A4FA48515DF1E8B7ACDA3DD9828708
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                            • Opcode ID: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                                                            • Instruction ID: 4a5a25262d377bc438db715eaebd04899d714891684bccf52cfa74d9a3e463fc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE51D522618BE186D6349F36A0182BAF7A1FB58B61F404125EBCE83685DF7CD045DB20
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strcmp
                                                                                                                                                                                                                            • String ID: 3des$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                                                                            • API String ID: 1004003707-2898822856
                                                                                                                                                                                                                            • Opcode ID: 464357bab5226c83230ff7ddc98dea84ff7d6811791d22299b2bc95c1f275a7e
                                                                                                                                                                                                                            • Instruction ID: 5022d37041c2fbf0fcf86327de083f34fbc634a46c5a561c130f4ceb8ae49d10
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 464357bab5226c83230ff7ddc98dea84ff7d6811791d22299b2bc95c1f275a7e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D231726234628689DE15CB52E7947FD6361EF887D6F4081289E0B8F949DF18E50BC351
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$Process$AdaptersAddressesFree$Allocinet_ntoa
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1708681428-0
                                                                                                                                                                                                                            • Opcode ID: 4f5458f5089b5a7e86f07b6741ba0edd552bcacc8860df83db74114d2a597805
                                                                                                                                                                                                                            • Instruction ID: d4e88b45d54be817ce87f14d87ca7e29a9b9b7d57c5dde50ed2d03b06efca719
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f5458f5089b5a7e86f07b6741ba0edd552bcacc8860df83db74114d2a597805
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D21E2217086549AE704DBB6FD11B1F67A2BBC8BD5F04823AAE0D577A8DE3CE5418700
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3483679945-0
                                                                                                                                                                                                                            • Opcode ID: 36608fc77a87cb34de43f92055041f1a1aaff40ac3dd4ab04145464c7a4fbbcb
                                                                                                                                                                                                                            • Instruction ID: 4bab2a93c6f0099debb89e4662b31fead0e755f2839724a4dbe2546530b70343
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36608fc77a87cb34de43f92055041f1a1aaff40ac3dd4ab04145464c7a4fbbcb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D311571170560568DA15EBB3FD1076E97922FCDBE4F488236AD2D973ACEE3CE5028310
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strrchr
                                                                                                                                                                                                                            • String ID: <frozen %s$__init__.py
                                                                                                                                                                                                                            • API String ID: 3418686817-1237021342
                                                                                                                                                                                                                            • Opcode ID: 439e6feb79bed36a256749ea8ae4fe06bb98eb112d7af6dde0f67c8bdea58851
                                                                                                                                                                                                                            • Instruction ID: 9c19d6ea131b4973b6fc81154cacc5f76206a33d24a75c2d4fbb7ded33e5ea40
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 439e6feb79bed36a256749ea8ae4fe06bb98eb112d7af6dde0f67c8bdea58851
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 965128123156955AEF118F26E5007DD6771B789FC8F888425EE4A1B78CFA7CD686C310
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: signal
                                                                                                                                                                                                                            • String ID: CCG
                                                                                                                                                                                                                            • API String ID: 1946981877-1584390748
                                                                                                                                                                                                                            • Opcode ID: 727af3ef836dd6ac1d00c635e4c77c9315162afd1b24af48d1e8e889c9b87ffe
                                                                                                                                                                                                                            • Instruction ID: ebb13e2c12078f6e1431d13dcf628bbebaa3c901337a66821697bb7e28559f4b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 727af3ef836dd6ac1d00c635e4c77c9315162afd1b24af48d1e8e889c9b87ffe
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B73170607341008AFF25427A85A732C11D6AB8D3B8F25871A996F873FCCD19DCC5531E
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FC7
                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FF6
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 00007FF7CFBC704C
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                            • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                            • Opcode ID: 3a12c33edb148940672c099e74b863588d93d4457ec079783bd0d804bbb9806a
                                                                                                                                                                                                                            • Instruction ID: 2806178e65715bff282b2747c9ff236732a1d132cbe0d1fc7b30c6f8b677f311
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a12c33edb148940672c099e74b863588d93d4457ec079783bd0d804bbb9806a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08214131A18A8292EB64BF35F8507EAB365BF483A4FD40135D58D826A5EF3CE145C730
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • src/misc/crypt/crypt_register_hash.c, xrefs: 70A2D8F7
                                                                                                                                                                                                                            • hash != NULL, xrefs: 70A2D8FE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcmp
                                                                                                                                                                                                                            • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                                                                            • API String ID: 1475443563-1465673959
                                                                                                                                                                                                                            • Opcode ID: d074f32d5c0fa2d950b386af87f01a1331de20546da92a036df862c2cae5b56c
                                                                                                                                                                                                                            • Instruction ID: 24c3099d925a3f908a11c372cc841be4996ae8772903ec2a6ce8e291755bc9ee
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d074f32d5c0fa2d950b386af87f01a1331de20546da92a036df862c2cae5b56c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D616C3331074486E750CB26E984B9E73A8F788BD8F508029DF8A87758DF39E55AC354
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • src/misc/crypt/crypt_register_prng.c, xrefs: 70A2DB4F
                                                                                                                                                                                                                            • prng != NULL, xrefs: 70A2DB56
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcmp
                                                                                                                                                                                                                            • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                                                                            • API String ID: 1475443563-58737364
                                                                                                                                                                                                                            • Opcode ID: 218bb2839e06c975f6307cab8145e91dec6a6cee5752b9f46463fe2b4326b6a8
                                                                                                                                                                                                                            • Instruction ID: 3ccd453ff670c1ed31a4aeeeada7202f50ff79498c82cb23fdcee01ac5c328f5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 218bb2839e06c975f6307cab8145e91dec6a6cee5752b9f46463fe2b4326b6a8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC518E33310B9496D750CF12E984B9E7368F788BC5F45413ADF5A83644EB78E559C710
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strcmp
                                                                                                                                                                                                                            • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                                                                            • API String ID: 1004003707-2030105502
                                                                                                                                                                                                                            • Opcode ID: 5cbf8aaeb0cf756e4082b2c299a9473fdef5e9414b9ec32f93ee8afcfb714adf
                                                                                                                                                                                                                            • Instruction ID: ba21aaf8fab1174460ad14d804765318f2b421dabd07186d6a53c9d6848ec903
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5cbf8aaeb0cf756e4082b2c299a9473fdef5e9414b9ec32f93ee8afcfb714adf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E731B3A334264649EE14DE62E7D43BD6361EF89BC6F0041389E4B8B95DDB28E50BC351
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • name != NULL, xrefs: 70A2D1F8
                                                                                                                                                                                                                            • src/misc/crypt/crypt_find_cipher.c, xrefs: 70A2D1F1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strcmp
                                                                                                                                                                                                                            • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                                                                            • API String ID: 1004003707-679692990
                                                                                                                                                                                                                            • Opcode ID: 15c8e9be63cb7d01a88cd149f8cb9d390188a247097153960caf0327d89c631a
                                                                                                                                                                                                                            • Instruction ID: 1e8da41a102762bd96b7f0ba5eb90a4823bb3e01260c1154a898f8d1a70a0a3d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15c8e9be63cb7d01a88cd149f8cb9d390188a247097153960caf0327d89c631a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C31846334618689EF14CA52AF957BD6361EF89BC5F008239DE0B8BD5DDB18D60BC350
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: malloc
                                                                                                                                                                                                                            • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                                                            • API String ID: 2803490479-2931318352
                                                                                                                                                                                                                            • Opcode ID: a41bf6304092f0e12ee6b2b48442d8b4c607de8f101fac0571f231d182ff6aa5
                                                                                                                                                                                                                            • Instruction ID: 9a0b2ca27a94c3b9f6e7c6f4008649c6dc24744ae5db97d4a56896b3e8a56bbc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a41bf6304092f0e12ee6b2b48442d8b4c607de8f101fac0571f231d182ff6aa5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98512772B181944ADB12CF31AD1577EFBA2EB49BC4F858018DE4B47A0DEB39D905C710
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • obfmode.c, xrefs: 70A07450
                                                                                                                                                                                                                            • code, xrefs: 70A07457
                                                                                                                                                                                                                            • lambda_, xrefs: 70A06E13
                                                                                                                                                                                                                            • The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it, xrefs: 70A072FA
                                                                                                                                                                                                                            • <lambda>, xrefs: 70A06DF0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpy
                                                                                                                                                                                                                            • String ID: <lambda>$The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it$code$lambda_$obfmode.c
                                                                                                                                                                                                                            • API String ID: 3510742995-709486575
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC718F
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC71DF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                            • API String ID: 626452242-27947307
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD29DC: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7CFBD4CC0), ref: 00007FF7CFBD2A49
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD29DC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7CFBD4CC0), ref: 00007FF7CFBD2A64
                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32 ref: 00007FF7CFBC6B47
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD4C20: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD4C34
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBD2590: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD25F7
                                                                                                                                                                                                                            • GetCommandLineW.KERNEL32 ref: 00007FF7CFBC6BCF
                                                                                                                                                                                                                            • CreateProcessW.KERNEL32 ref: 00007FF7CFBC6C11
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7CFBC6C25
                                                                                                                                                                                                                            • GetExitCodeProcess.KERNEL32 ref: 00007FF7CFBC6C35
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                            • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                            • API String ID: 1742298069-3524285272
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC75E1
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC7655
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                            • API String ID: 3723044601-27947307
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strlenstrstr
                                                                                                                                                                                                                            • String ID: <lambda>$co_names$code$lambda_$obfmode.c
                                                                                                                                                                                                                            • API String ID: 2393776628-2864150894
                                                                                                                                                                                                                            • Opcode ID: fa60d14edacd4303a7aef9ee630c0b1a42870550b28da1bd2770e74e85f5b7b7
                                                                                                                                                                                                                            • Instruction ID: 28718279c2b9c6404c55f553674a8bc5d2bc9fea9dbb9fdeefb8f945cc3b1021
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa60d14edacd4303a7aef9ee630c0b1a42870550b28da1bd2770e74e85f5b7b7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11B1AE62B19B88C5EB11CB12F94176D67A0FB9ABC4F444625DE8E07768EF3CE645C700
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: in != NULL$key != NULL$out != NULL$outlen != NULL$src/pk/rsa/rsa_sign_hash.c
                                                                                                                                                                                                                            • API String ID: 0-3034240082
                                                                                                                                                                                                                            • Opcode ID: 5bd07b897cf90f6f89350b3f5f6255c2338198fd783aa3f6e7c238f845e7bfaa
                                                                                                                                                                                                                            • Instruction ID: bcea12ab981edad99553476f61774d495beecea19f77f84b1acdba4803a9438a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bd07b897cf90f6f89350b3f5f6255c2338198fd783aa3f6e7c238f845e7bfaa
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 378139726086C48AE720CF11E564B9EB7A4F388788F904525EE8A97B5CDB3DD544CF40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: callocfree
                                                                                                                                                                                                                            • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                                                            • API String ID: 306872129-3913984646
                                                                                                                                                                                                                            • Opcode ID: 662745629ee3902020316fb88a8a62945f6c4869adbd1b4081a0a8de014e681b
                                                                                                                                                                                                                            • Instruction ID: 2ad7212aa4f239297713717a90a29d011b25a8a2cd5a5885b511abf1fb35dcae
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 662745629ee3902020316fb88a8a62945f6c4869adbd1b4081a0a8de014e681b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 144168727182C08AEB718B56E9407DEB6A5F7D8384F80421A9E8A47B5CDB7CD545CB40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sprintf$malloc
                                                                                                                                                                                                                            • String ID: %s%s$', %d)$(__name__, __file__, b'$\x%02x$__pyarmor__
                                                                                                                                                                                                                            • API String ID: 1197820334-965320081
                                                                                                                                                                                                                            • Opcode ID: 5127fce4ec5a67789d686ae6a14468ce0f27d91af1717806ed083a98e976e436
                                                                                                                                                                                                                            • Instruction ID: 80f78f282403ac8426d36abc0e1a6a37d9d526a3a805298e8854f25e872aca88
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5127fce4ec5a67789d686ae6a14468ce0f27d91af1717806ed083a98e976e436
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5210527B2161AA6DF04CB16EE007AD2755FB49BD8F848621DE4E57318EA3CF84BC300
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • Address %p has no image-section, xrefs: 70A95399
                                                                                                                                                                                                                            • VirtualQuery failed for %d bytes at address %p, xrefs: 70A95388
                                                                                                                                                                                                                            • VirtualProtect failed with code 0x%x, xrefs: 70A9533A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: QueryVirtual
                                                                                                                                                                                                                            • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                                                            • API String ID: 1804819252-2123141913
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _stat64$freemallocstrlen
                                                                                                                                                                                                                            • String ID: <unknown>
                                                                                                                                                                                                                            • API String ID: 2817875163-1574992787
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                            • API String ID: 626452242-876015163
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC4A5
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC4B3
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC4DD
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC523
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7CFBCC6D2,?,?,?,00007FF7CFBCC3CC,?,?,?,?,00007FF7CFBCC0ED), ref: 00007FF7CFBCC52F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7CFBC631F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7CFBC602F
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2760: MessageBoxW.USER32 ref: 00007FF7CFBC2831
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7CFBC6006
                                                                                                                                                                                                                            • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7CFBC6043
                                                                                                                                                                                                                            • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7CFBC608A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                            • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                            • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC7550
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                            • API String ID: 3723044601-876015163
                                                                                                                                                                                                                            • Opcode ID: a6f1c9715947d873718802f76a212db1658c74b085baec75c1e349c2d31a076f
                                                                                                                                                                                                                            • Instruction ID: fdd4d4f969c0c4d22f83ca58d92406bd259031944a01dffcc9ed665178d56cb9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6f1c9715947d873718802f76a212db1658c74b085baec75c1e349c2d31a076f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D214621B08A8242EB50EF39F8401AAE7A1FB847E4FD84535DF5C83B69EF6CD5558720
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                            • Opcode ID: bcad4bfd22897d90546c83000e2a55e68d64a70218818eb37a662133ca5c2491
                                                                                                                                                                                                                            • Instruction ID: 087736151fe30c49d4b39d06075e6bd6b6de584282b2d84e70f396dab914e059
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bcad4bfd22897d90546c83000e2a55e68d64a70218818eb37a662133ca5c2491
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B11B235B18B8186E350AF62E8547A9E3A0FB88FF4F940234EA1D87794DF7CD4448760
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1910047217.00007FFBAA521000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA520000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffbaa520000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                            • API String ID: 0-2677786666
                                                                                                                                                                                                                            • Opcode ID: ac5c9069f6bf81746269997d4274784afd216d98bc100d78f673ecab4f845917
                                                                                                                                                                                                                            • Instruction ID: 8d60a4b68500182640c0c1f940cd4e0468ae1996a7683a669506c6e6bbad7bfb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac5c9069f6bf81746269997d4274784afd216d98bc100d78f673ecab4f845917
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75B1DDB6A096A6C7D761CB2AE045A7E73AEFB45B80F014075DE4D43B45DF38E442C714
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: fclose$freefseekmalloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1339445139-0
                                                                                                                                                                                                                            • Opcode ID: fb2f067e3bd81d461955686dc85af8f3ef903c9814697262ba01f1c5ab3d79fd
                                                                                                                                                                                                                            • Instruction ID: 7a6d6b822305b16d9c389cc4b79372be7958b175777b5c4273f4cb1ab30257f1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb2f067e3bd81d461955686dc85af8f3ef903c9814697262ba01f1c5ab3d79fd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73110A537212290CEE55AB673F1236F42C25FC9BE1F088630AD1E4779CFC78A4818305
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strlen$malloc
                                                                                                                                                                                                                            • String ID: %s%c%s$\$license.lic
                                                                                                                                                                                                                            • API String ID: 3157260142-3068191871
                                                                                                                                                                                                                            • Opcode ID: 5adf3f5d1d35b6e4926f7a2d288f8e1a1b5244bf19ebae5aa32487b9d187c434
                                                                                                                                                                                                                            • Instruction ID: 8b429b5fcf0b8b155993a3a6f3c5f391319645be3028a3ff2655cde564351edb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5adf3f5d1d35b6e4926f7a2d288f8e1a1b5244bf19ebae5aa32487b9d187c434
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1EF02422B5134888EC128B02BE0139DA398AF89BE4F8C81305E0E07768FA3CE5868344
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC6FA0: GetLastError.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FC7
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC6FA0: FormatMessageW.KERNEL32(00000000,00007FF7CFBC2690), ref: 00007FF7CFBC6FF6
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7CFBC74CA
                                                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 00007FF7CFBC2738
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                            • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CFBD778A
                                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707,?,?,?,00007FF7CFBD136B), ref: 00007FF7CFBD7848
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBD7707,?,?,?,00007FF7CFBD136B), ref: 00007FF7CFBD78D2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2210144848-0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                                                            • API String ID: 0-3192267683
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                                            • Opcode ID: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                                                                                                                                                                            • Instruction ID: d77aa0bb2dfdc366b32d6fe74a7f54cda6e6601de35c2c0790526fd7d42b1b66
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03115B22E18AC301F6643F38E4623F598906F54374FEC0634EB6E063D68F1EA8445370
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32 ref: 70A94F35
                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 70A94F40
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 70A94F49
                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 70A94F51
                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32 ref: 70A94F5E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                            • Opcode ID: f5d87bf7f0e3f8bbfa70d4cf8d71db31ffcf3f5bb4ca7de3311258b585774c07
                                                                                                                                                                                                                            • Instruction ID: e623e904c34ab3bce6138c36496c50d5c53e7756fe3b0b097cc6faa774dd11a2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5d87bf7f0e3f8bbfa70d4cf8d71db31ffcf3f5bb4ca7de3311258b585774c07
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43119126B29B1186FB119B21F90431973A0B748BB5F0817319E9D43BA8DF3CE5868704
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strlen$malloc
                                                                                                                                                                                                                            • String ID: %s%c%s$\
                                                                                                                                                                                                                            • API String ID: 3157260142-3534329225
                                                                                                                                                                                                                            • Opcode ID: d29d0c8999ea75dd5e949018dc17c002143faed2992bcdbd30759a4d41fb7843
                                                                                                                                                                                                                            • Instruction ID: d0c969897b5a35f87c69745b3451d3a9bc0593bc9381023adeec69f8b9af8d08
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d29d0c8999ea75dd5e949018dc17c002143faed2992bcdbd30759a4d41fb7843
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DAE0D8617513444DDD15DB02BE1125DA2C49F89BD8F8C81345D4E13B68EE3CF1868744
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: abortfwrite
                                                                                                                                                                                                                            • String ID: '$illegal index register
                                                                                                                                                                                                                            • API String ID: 1067672060-451399654
                                                                                                                                                                                                                            • Opcode ID: b5513bfd8cfe42802b2ec78025f659bb4d839320a4c8f6a0af50cf237da25261
                                                                                                                                                                                                                            • Instruction ID: 211e27df0bf59bf58fe276048d2fe8f546a4cb213ce258a45231abf7bbd364a8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5513bfd8cfe42802b2ec78025f659bb4d839320a4c8f6a0af50cf237da25261
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3917E73619B89C4DB128F3DE850A4C7F65E399F88B9AD112CB4D47718CA7EC856C311
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                            • Opcode ID: 55788242df50e1a30cd54507ff4bf163bc38528b1732f9cc2afaa672e73b8d51
                                                                                                                                                                                                                            • Instruction ID: dbdd0ed6e66476ca56e90bb0e771a068ab0fec6e840f212a431fb9db6c90541c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55788242df50e1a30cd54507ff4bf163bc38528b1732f9cc2afaa672e73b8d51
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B81C576E092C285FB6C6F35C6502F8B699AB11F64FD54032CA0D5768EDB2DE8429333
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • This function could not be called from the plain script, xrefs: 70A10038
                                                                                                                                                                                                                            • Internal buffer error, xrefs: 70A10067
                                                                                                                                                                                                                            • Invalid license, xrefs: 70A10017
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _time64
                                                                                                                                                                                                                            • String ID: Internal buffer error$Invalid license$This function could not be called from the plain script
                                                                                                                                                                                                                            • API String ID: 1670930206-992726897
                                                                                                                                                                                                                            • Opcode ID: e1ab7cfaf49cd4123e19af3f7a37b6dc203b4641975dd2cfe730abcce2f650ac
                                                                                                                                                                                                                            • Instruction ID: 489246572c47e82a6237a046f2aebc35bfe705fcd7f37b711a2615ceb242a141
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1ab7cfaf49cd4123e19af3f7a37b6dc203b4641975dd2cfe730abcce2f650ac
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C415C32A09A0AC1EB118B25FC9035D73A4FBD9B90F544B26C94E93778EF3CD686C201
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                            • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                            • Opcode ID: 69d8018c69fa0ba47995e0ce162d6b42525d4d2d5850a1053315e8c6180101b4
                                                                                                                                                                                                                            • Instruction ID: 86da02784a14ee3cdd724e342856f33f381618de5362e94708ef3cd500944d0c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69d8018c69fa0ba47995e0ce162d6b42525d4d2d5850a1053315e8c6180101b4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72313272628AC291E620BF20E4517EBA364FF84794FC05036EA8D47A99DF3CD205CB70
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF7CFBC353B), ref: 00007FF7CFBC3A71
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7CFBC7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7CFBC101D), ref: 00007FF7CFBC2644
                                                                                                                                                                                                                              • Part of subcall function 00007FF7CFBC2610: MessageBoxW.USER32 ref: 00007FF7CFBC271C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                            • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                            • Opcode ID: 1c9edb799956f43a69bcedd1b9a00334b54fc6e72bcb62656acab3b705975844
                                                                                                                                                                                                                            • Instruction ID: 1b9cffb60b54ba0fc27196ab15abd7df9a916b9c3af3e7757139a26caf33e4c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c9edb799956f43a69bcedd1b9a00334b54fc6e72bcb62656acab3b705975844
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24018420B186C281FA60BF30D8553FA9355BF4C7A4FC44032E84DC6292EF1CE5548730
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • platforms/windows/hdinfo.c, xrefs: 70A22510
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                            • String ID: platforms/windows/hdinfo.c
                                                                                                                                                                                                                            • API String ID: 1365068426-3843089204
                                                                                                                                                                                                                            • Opcode ID: 4f9c9b38fdd8cd9d3f09ca1ccca40397f05075ae435e568d50ce60769f5b7dcc
                                                                                                                                                                                                                            • Instruction ID: b24e149ccaeba68b22007b3c40073f7ee7d07bfa331f8808a028aa2af37cc9bd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f9c9b38fdd8cd9d3f09ca1ccca40397f05075ae435e568d50ce60769f5b7dcc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8F06D31608E41C6E710AB11E81874BB771F3D9B85F604226EA8E43B68CF7DC24A8B40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: mallocstrlen$free
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2585366504-0
                                                                                                                                                                                                                            • Opcode ID: 58d88c0c37228a1656931f1eb73e7fccb26075a40cc04a475957a29712ad9711
                                                                                                                                                                                                                            • Instruction ID: 320e233044c18f0d59fc071a806d672c8f310abb8660db1e1b5acbe002485e69
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58d88c0c37228a1656931f1eb73e7fccb26075a40cc04a475957a29712ad9711
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE1126527302A446D7199F32A6725BE6BE0DF8FFC8F44C025EE8B4771CEA289112C708
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1910047217.00007FFBAA521000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA520000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffbaa520000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                            • API String ID: 2221118986-2677786666
                                                                                                                                                                                                                            • Opcode ID: ef47545407ae41bc1f4462f028f9b1cb82b63cac4e3b088ae01a3ba2bad5a11c
                                                                                                                                                                                                                            • Instruction ID: ed26396ee52ba88625db0fee5ef6968a0829a151205e21d0ad4d447dc84b98cf
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef47545407ae41bc1f4462f028f9b1cb82b63cac4e3b088ae01a3ba2bad5a11c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D717AA290E1E2C1E31BB637E1704BD7ED9E792701B0442B6DEDA476C1CA2CE546D734
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4170891091-0
                                                                                                                                                                                                                            • Opcode ID: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                                                            • Instruction ID: 756e8bd54f51db653408a0651147aba616236a4210acc2161749e501339130f3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2510B72F041928AFB1CEF7899415FCB76AAB007B8F940136DE1D56ADADB3CA4058721
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 72036449-0
                                                                                                                                                                                                                            • Opcode ID: 37c70a1ef6a079ec95ee04a40b31ce5c5df444ed978d8de4477b5a7606ce7098
                                                                                                                                                                                                                            • Instruction ID: 8094f8f7b1c0c2611b743d0323767a29994d07475f71892699173aec6d18f32f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37c70a1ef6a079ec95ee04a40b31ce5c5df444ed978d8de4477b5a7606ce7098
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62519C32E0C28286F7696F3894113FAE680DB407B4F998435DE89562D6CB7CF8418772
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1015461914-0
                                                                                                                                                                                                                            • Opcode ID: 53646180b168e37bc0d352e324a0aece84e6065f694417a0854dbf3d6e579899
                                                                                                                                                                                                                            • Instruction ID: 036e4f892ff51efac41c39f430c5ac5bfcc1bf02d2e0920655c5d7c27df65b38
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53646180b168e37bc0d352e324a0aece84e6065f694417a0854dbf3d6e579899
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F417F32B05548C9E7078F1AF9A079A62B5B7887D4F84422AEE5D47358FF7CE9C29340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
Similarity
• API ID: File$ErrorHandleInformationLastNamedPeekPipeType
• String ID:
• API String ID: 2780335769-0
Memory Dump Source
• Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
Similarity
• API ID: LongWindow$DialogInvalidateRect
• String ID:
• API String ID: 1956198572-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-3916222277
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: e+000$gfff
• API String ID: 3215553584-3030954782
Similarity
• API ID: mbstowcs
• String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
• API String ID: 103190477-3625900369
Similarity
• API ID: FileFreeHeapModuleName_invalid_parameter_noinfo
• String ID: C:\Users\user\Desktop\1A70mZfanW.exe
• API String ID: 13503096-1916908765
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                                            • Opcode ID: f42627c61a7f25b683248ff20e1504dd0ed5ade7a377c0ec61c80a04a1b4700a
                                                                                                                                                                                                                            • Instruction ID: da0fc40f90b341717eabdde85bf21915e49555381f045dcef31bdc6161ba59c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f42627c61a7f25b683248ff20e1504dd0ed5ade7a377c0ec61c80a04a1b4700a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E419472618A8582DB609F35E8443EAA760FB547A4F944032EE4D87798EF3CD441C761
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: freestrrchr
                                                                                                                                                                                                                            • String ID: .pye
                                                                                                                                                                                                                            • API String ID: 4178315289-4135401513
                                                                                                                                                                                                                            • Opcode ID: d17273e83a67628eed136ef44bfe7f653d065c978a7cb02a0fea4f7d6472c0af
                                                                                                                                                                                                                            • Instruction ID: 5597bfaa514befca2eed9967239c43ecdc9d8ae8cb8aef605c12d5cd0d942339
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d17273e83a67628eed136ef44bfe7f653d065c978a7cb02a0fea4f7d6472c0af
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20110812B1521489FF059B65BD1436D53A0AB89FD5F088530DE1E47768FE3CD8C6C304
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                                            • Opcode ID: c4a2b5a5518626f88fa0b707d726c254c873bc95232582f93e82de54877482e1
                                                                                                                                                                                                                            • Instruction ID: e890f8f190b714ce5a97986d6a00f8205461daf0132c6490d62a9dd5d6ad3b87
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4a2b5a5518626f88fa0b707d726c254c873bc95232582f93e82de54877482e1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3121B972A086C182EB24AF35D4542BEB3A1FB84B54FC54036DA8D43689DF7CD9498771
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Error detected
                                                                                                                                                                                                                            • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                            • Opcode ID: 5ed7caf57bd188301ead484277fc77409bb9e70f87c7d7e6d20278c1c0f354ae
                                                                                                                                                                                                                            • Instruction ID: 2bde6861f5acd4649db96c0e62530255bc1c89a310d9e1b3f746d4706fc2b3fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ed7caf57bd188301ead484277fc77409bb9e70f87c7d7e6d20278c1c0f354ae
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86213272628AC291EB20AF21F4517EAA354FB84798FC05135EA8D47A99DF7CD205CB70
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID: Fatal error detected
                                                                                                                                                                                                                            • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                            • Opcode ID: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
                                                                                                                                                                                                                            • Instruction ID: 83792241957908593c69e7e471e0f5550563ef7a4055df21a92e05712c2bd6de
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83213272628AC291EB20AF20F4517EAA354FF84798FC05135EA8D47A99DF7CD205CB70
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CompareStringtry_get_function
                                                                                                                                                                                                                            • String ID: CompareStringEx
                                                                                                                                                                                                                            • API String ID: 3328479835-2590796910
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Stringtry_get_function
                                                                                                                                                                                                                            • String ID: LCMapStringEx
                                                                                                                                                                                                                            • API String ID: 2588686239-3893581201
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3510742995-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 3215553584-336475711
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF7CFBD9A65
                                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF7CFBD5D0E,?,?,?,00007FF7CFBD5C06,?,?,?,00007FF7CFBD0C32,?,?,00000000,00007FF7CFBC3BA9), ref: 00007FF7CFBD9A7F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
• Associated: 00000002.00000002.1908782758.00007FF7CFBC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908881430.00007FF7CFBE5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBF7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFBFA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1908918852.00007FF7CFC06000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1909011246.00007FF7CFC08000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                                                                            • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                            • API String ID: 539475747-3084827643
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __iob_func.MSVCRT ref: 70A2D060
                                                                                                                                                                                                                            • abort.MSVCRT(?,?,?,?,CA4587E7,70A2DC6F,?,?,?,?,70A02A6C), ref: 70A2D081
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 70A2D066
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000002.00000002.1899830968.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900424949.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1900685769.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901421931.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1901990545.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902014422.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902035367.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902054506.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902073683.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.1902093270.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __iob_funcabort
                                                                                                                                                                                                                            • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                                                                            • API String ID: 1307436159-2823265812
                                                                                                                                                                                                                            • Opcode ID: 539d72766582ce3841a7e1f0d2228c2204600d3cd5414ede9323b89e3cc8baf1
                                                                                                                                                                                                                            • Instruction ID: 3c9a46387d4dd623e250bdc5f4e66e26fadd665b16b3b8d30be5f7a7491526b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 539d72766582ce3841a7e1f0d2228c2204600d3cd5414ede9323b89e3cc8baf1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8D05B6173465995D61067155A047595B90BB5DFD4F445210ED4C83B145B28D106C340
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF7CFBD9A09
                                                                                                                                                                                                                            • TlsSetValue.KERNEL32(?,?,00000000,00007FF7CFBD86AA,?,?,00000000,00007FF7CFBCFC79,?,?,?,?,00007FF7CFBD59F1), ref: 00007FF7CFBD9A20
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1908815780.00007FF7CFBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7CFBC0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7cfbc0000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Valuetry_get_function
                                                                                                                                                                                                                            • String ID: FlsSetValue
                                                                                                                                                                                                                            • API String ID: 738293619-3750699315
                                                                                                                                                                                                                            • Opcode ID: bd8a3b7dfe699e95648d1a6f597fab97cbf9c501d19f7925580fd405873d9e1a
                                                                                                                                                                                                                            • Instruction ID: dc4289760bee6367514f384b1fbffe3202719a72335a9011b6ed0ba799808303
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd8a3b7dfe699e95648d1a6f597fab97cbf9c501d19f7925580fd405873d9e1a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E06562A1868282EA087F75F8002F4A222EF487A0FC85032D51D06254CF3CF844C331
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$freestrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1041141762-0
                                                                                                                                                                                                                            • Opcode ID: ad294e4099f02295f2357813c19e238679c318336faa74baaf090b328041f331
                                                                                                                                                                                                                            • Instruction ID: 7657683141d96642da2e915fd1b06505071c85329e96f7a2047e7f83e377e4b7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad294e4099f02295f2357813c19e238679c318336faa74baaf090b328041f331
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33F0F42270035449E725DB23BD41B1FA6D5BB8CBD8F4881389E4D43B68EE3CD5468304
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.1900034152.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_70a00000_1A70mZfanW.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4020351045-0
                                                                                                                                                                                                                            • Opcode ID: 53514f2576c33a93f94888c7a190621c108a357db63a2f10436ba914c2f820f4
                                                                                                                                                                                                                            • Instruction ID: a1537baa55c5f4dddb1b342b8b21c7a8725dbea1ab280a00a165f08c7997eb80
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53514f2576c33a93f94888c7a190621c108a357db63a2f10436ba914c2f820f4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22011E71B29701C6EF09CB75E99131933F1B798B90F904625C91E87328EB7CEA428304